@lcv-ideas-software/cross-review 4.0.3 → 4.0.5

package/CHANGELOG.md

@@ -7,7 +7,100 @@ standard `v00.00.00`; npm package versions remain SemVer.
 
 ## [Unreleased]
 
-## [v04.00.03] — 2026-05-15
+## [v04.00.05] — 2026-05-15
+
+**Patch — hard-gate close-out for the Codex v4.0.4 audit.** This release
+closes the 6 residual findings left after v4.0.4 restored Prettier coverage.
+
+### Fixed
+
+- **AUDIT-1 (StepSecurity)** — existing actionable
+  `Source-Code-Overwritten` detections for generated `dist/*` publish
+  artifacts were suppressed through the existing narrow post-rename
+  StepSecurity rule: repo `cross-review`, workflow
+  `.github/workflows/publish.yml`, job `Pre-publish gate (test + metadata)`,
+  file path `*/dist/*`. The rule remains scoped to generated publish output
+  and does not hide source-tree overwrites outside `dist/`.
+- **AUDIT-2 (model-selection docs)** — `docs/model-selection.md` now uses
+  the post-v4 product name, removes misleading fallback wording from current
+  model behavior, scopes older provider-doc notes as historical, and links to
+  the real historical report
+  `docs/reports/cross-review-v2-api-capability-smoke-2026-04-30.md`.
+- **AUDIT-3 (no-fallback wording)** —
+  `src/peers/model-selection.ts` now describes failure paths as keeping the
+  configured model pin instead of using the old fallback phrase; the internal
+  selection parameter name was aligned to `configuredPin`.
+- **AUDIT-4 (agent rename history)** — `.github/copilot-instructions.md` and
+  `.ai/GEMINI.md` now preserve the historical package transition as
+  `@lcv-ideas-software/cross-review-v2` →
+  `@lcv-ideas-software/cross-review`, instead of the tautological
+  post-rename name-to-itself text.
+- **AUDIT-5 (tag hygiene)** — release verification now treats the remote
+  padded tag as authoritative and local clones should fetch tags before
+  using `git tag --points-at HEAD` as evidence.
+- **AUDIT-6 (artifact identity)** — new
+  `npm --registry=https://registry.npmjs.org run release:verify-registry`
+  validates npm registry `dist.shasum`, `dist.integrity`, and `dist.tarball`
+  via `scripts/verify-registry-dist.mjs`; the publish workflow runs it after
+  npmjs.com visibility succeeds so future audits do not confuse local
+  `npm --registry=https://registry.npmjs.org pack --dry-run` output with
+  published registry identity.
+- **GHA npm registry discipline** — every active GitHub Actions npm command
+  outside dependency installation now passes
+  `--registry=https://registry.npmjs.org`; GitHub Packages publish commands keep
+  that default registry flag and override only the package scope registry.
+- **Grok `-latest` model-match dot aliases** — `BasePeerAdapter.modelMatches()`
+  now treats `grok-4-latest` resolving provider-side to dot-release ids such as
+  `grok-4.3` as the same Grok 4 family, while still rejecting true cross-family
+  downgrades such as `grok-3-*`. This closes the live HARD GATE false positive
+  where Grok returned a READY verdict but the runtime rejected it as
+  `silent_model_downgrade`.
+
+### Tests
+
+- Added smoke markers for model-selection documentation/link hygiene,
+  no-fallback wording, agent-instruction rename history, and registry
+  artifact metadata verification.
+- Added `npm_registry_discipline_test` to keep active GHA npm commands and
+  nested package scripts on the explicit npmjs registry unless the command is
+  dependency installation/update.
+- Extended `model_match_latest_alias_test` to pin
+  `grok-4-latest` → `grok-4.3` alongside the existing dated-id alias case.
+
+## [v04.00.04] — 2026-05-15
+
+**Patch — restore prettier coverage of `src/` and `scripts/` (close audit
+finding on v4.0.3 hard-gate gap).** The v4.0.3 ship added biome but also
+moved `src/**/*.ts`, `src/**/*.js`, `scripts/**/*.ts`, `scripts/**/*.js`
+into `.prettierignore` to dodge a biome↔prettier disagreement on the
+dynamic-import call-style. Net effect: prettier ran against zero JS/TS
+under `src/` and `scripts/`, silently turning one of the four hard-gate
+checks into a no-op there. v4.0.4 restores full prettier coverage and
+keeps both formatters green simultaneously.
+
+### Changed
+
+- `.prettierignore` no longer excludes `src/**/*.ts`, `src/**/*.js`,
+  `scripts/**/*.ts`, `scripts/**/*.js`. Prettier and biome now both
+  check the full JS/TS surface.
+- `scripts/smoke.ts` — the 7 dynamic-import sites that triggered the
+  biome↔prettier wrap disagreement were rewritten from the
+  destructure-from-call form to a 2-statement form (`const mod = await
+import("..."); const { A, B, C } = mod;`). Functionally identical;
+  static type inference preserved because the import argument remains a
+  string literal in 6 of 7 sites and a template literal in 1.
+
+### Why a 2-statement refactor instead of a config tweak
+
+Biome 2.x and Prettier 3.x disagree on where to wrap when
+`const { ... } = await import("...")` exceeds `lineWidth`/`printWidth`:
+prettier breaks after `=`, biome breaks inside the call parens. Neither
+tool exposes a per-rule config knob for this specific case. Aligning
+`lineWidth` (already 100 in both) doesn't help because the disagreement
+is about which axis to break on, not the threshold. Refactoring to a
+form short enough to keep on one line each removes the disagreement at
+the source — durable across future biome/prettier releases without
+relying on tool-internal heuristics matching.
 
 **Patch — biome integration to satisfy the 4-gate quality directive
 (operator 2026-05-15: eslint + biome + prettier + cross-review).** The

package/README.md

@@ -21,7 +21,7 @@ npm install -g @lcv-ideas-software/cross-review
 npm install -g @lcv-ideas-software/cross-review --registry=https://npm.pkg.github.com
 ```
 
-**Status.** Stable. Current release: **v04.00.00** (npm package `4.0.0`). See
+**Status.** Stable. Current release: **v04.00.05** (npm package `4.0.5`). See
 [CHANGELOG.md](./CHANGELOG.md) for the release history.
 
 > **Project renamed 2026-05-15.** This project was previously published as
@@ -36,6 +36,8 @@ The version history at a glance:
 
 | Release | Scope |
 |---|---|
+| **`v04.00.05`** | **Patch — hard-gate close-out for the Codex v4.0.4 audit.** Clears the 6 residual findings: StepSecurity `Source-Code-Overwritten` detections for generated `dist/*` publish artifacts are suppressed against the existing narrow post-rename rule; `docs/model-selection.md` now uses the post-v4 product name, removes misleading fallback wording, and links to the real historical v2 capability-smoke report; model-selection failure text now says it keeps the configured model pin instead of the old fallback phrase; Copilot/Gemini agent instructions preserve the `cross-review-v2` → `cross-review` rename history; local tag verification is expected to use fetched remote tags; the publish workflow now records npm registry `dist.shasum` / `dist.integrity` / `dist.tarball` metadata so audits do not confuse local `npm --registry=https://registry.npmjs.org pack --dry-run` output with the published artifact identity; and `grok-4-latest` model-match accepts provider-reported dot-release aliases such as `grok-4.3` without weakening true cross-family downgrade rejection. |
+| **`v04.00.04`** | **Patch — restore prettier coverage of `src/` and `scripts/` (close audit on v4.0.3 hard-gate gap).** v4.0.3 added biome but also moved `src/**/*.ts`, `src/**/*.js`, `scripts/**/*.ts`, `scripts/**/*.js` into `.prettierignore` to dodge a biome↔prettier disagreement on dynamic-import call-style. Net effect: prettier ran against zero JS/TS under `src/`/`scripts/`, silently turning one of the four hard-gate checks into a no-op there. v4.0.4 restores full coverage and resolves the disagreement at the source — the 7 `scripts/smoke.ts` dynamic-import sites that triggered the wrap conflict were rewritten from destructure-from-call form to a 2-statement form (`const mod = await import("..."); const { A, B, C } = mod;`). Functionally identical; static type inference preserved. Both formatters now check the full JS/TS surface and pass simultaneously. |
 | **`v04.00.00`** | **Major — project renamed to `cross-review`** (drops the `-v2` suffix after the companion `cross-review-v1` project was discontinued and archived 2026-05-15). Breaking: npm package `@lcv-ideas-software/cross-review-v2` → `@lcv-ideas-software/cross-review` (old name stays on npm at `3.7.5` for historical installs); binaries `cross-review-v2` / `cross-review-v2-dashboard` → `cross-review` / `cross-review-dashboard`; env-var prefix `CROSS_REVIEW_V2_*` → `CROSS_REVIEW_*` across all config knobs that previously carried the `V2` infix (e.g. `CROSS_REVIEW_DATA_DIR`, `CROSS_REVIEW_DISABLE_CACHE_ANTHROPIC`); API-key env vars unchanged; per-host identity env vars (`CROSS_REVIEW_CALLER_TOKEN`, `CROSS_REVIEW_REQUIRE_TOKEN`) unchanged. GitHub repo URL: `LCV-Ideas-Software/cross-review-v2` → `LCV-Ideas-Software/cross-review` (auto-redirected). GitHub Pages: `cross-review-v2.lcv.dev` → `cross-review.lcv.dev`. MCP server key in host configs: operators who declared `cross-review-v2` rename to `cross-review`; after reload, MCP tool prefix becomes `mcp__cross-review__*`. Data dir migration is manual: operators copy `${HOME}/.cross-review/data_v2/*` into the new default `${HOME}/.cross-review/data/` (or set `CROSS_REVIEW_DATA_DIR` to the legacy path) — the v4.0.0 runtime reads only `CROSS_REVIEW_DATA_DIR` and does not fall back to the `_v2` suffix automatically. Preserved when copied: persisted session data, `config.json`, `host-tokens.json`, `cache_manifest.json`, archived/corrupt session dirs. Wire shape of all MCP tools, event types, convergence semantics is unchanged; all capabilities, peers, models, security defenses carry over from v3.7.5 verbatim. 504 source/script/doc text substitutions across 26 files. |
 | **`v03.07.05`** | **Patch — logs+sessions study 2026-05-15 close-out (4 surgical fixes from 244-session/429-round corpus).** **A1** — `session_doctor` classified cancelled sessions as `stale` (22 of 244 false positives); doctor now treats any terminal outcome (`aborted`/`converged`/`max-rounds`) as NOT-stale regardless of the persisted `convergence_health.state`. Source-layer state untouched (backward-compat with existing sessions). **A2** — `lockCallerPeerSelection` emitted false-positive `session.caller_peer_selection_ignored` events when callers passed a panel identical to the enabled set (13 of 106 recent events); the lock now accepts an optional `enabledPeers` snapshot in its context and short-circuits the emit when the caller-supplied list set-equals the enabled set (sorted comparison). **A3** — per-provider cache disable env vars (`CROSS_REVIEW_DISABLE_CACHE_ANTHROPIC|OPENAI|GEMINI|DEEPSEEK|GROK|PERPLEXITY`; provider names match v2.21.0 `_CACHE_TTL_*` convention; same parsing as `peer_enabled`); Anthropic default flipped to disabled based on empirical 0.3% hit-rate ($1.18 wasted to save $0.0035 over 244 sessions). Global `CROSS_REVIEW_DISABLE_CACHE` kill-switch unchanged; per-provider is an additive layer. Anthropic adapter `buildSystemBlock` + short-prefix warning gated on the per-provider flag; central `config.json` `cache` block accepts the new disable keys. **B1** — `session_sweep` gains opt-in `prune_corrupt: boolean.default(false)` + `corrupt_min_age_days: number.int.default(30)` to clean `<data_dir>/corrupt_sessions/` (no prior automated cleanup; 1 stale entry from 2026-05-08 v2.25.1 redact bug still on disk at study time). New `store.pruneCorruptSessions(minAgeMs)` returns `{scanned, removed, kept}`. Response shape stays `SessionMeta[]` when `prune_corrupt: false` (default); wraps to `{ swept, pruned_corrupt }` when true. **Patch bump** (3.7.4 → 3.7.5). |
 | **`v03.07.04`** | **Patch — Codex v3.7.3 parecer close-out + two cross-review-gate root-cause fixes** (APROVADO-COM-RESSALVAS; 2 parecer findings + 2 operator-directed fixes; no public-surface or tool-schema change). **`model_match` `-latest`-alias false positive (operator-directed)** — `BasePeerAdapter.modelMatches()` matched the reported model with `reported === requested` or `reported.startsWith(`${requested}-`)`. That works for a base id resolving to a dated id (`gpt-5.5` → `gpt-5.5-2026-04-23`) but FAILS for a `-latest` alias: xAI returns `grok-4-0709` for the pinned `grok-4-latest`, which does not start with the literal `grok-4-latest-`. Every grok response was flagged `model_match: false` → `status` forced `null` → `silent_model_downgrade` rejection → format-recovery skipped, so grok was dead-on-arrival in every cross-review session and no panel including grok could reach unanimity. Fix: `modelMatches` strips a `-latest` suffix to the family stem and matches the reported id against it (`grok-4-latest` → `grok-4` → `grok-4-0709` matches); a genuine cross-family downgrade (`grok-3-*`) is still flagged. New smoke marker `model_match_latest_alias_test`. **`detectFabricatedEvidence` false positive (operator-directed)** — the detector validated operational assertions (`npm run build`, `index <hash>..<hash>`, `cargo test`, …) against the `provenanceCorpus` (attached evidence) ONLY; the prior draft was lumped into `narrativeCorpus` and never consulted for assertions. The documented process REQUIRES embedding the verbatim diff + raw gate output in `initial_draft`, so when R1 didn't converge and a relator generated an R2 revision, the relator faithfully PRESERVING that embedded evidence was flagged as "fabricating" it → `lead_fabrication_repeated` abort (misread as "perplexity keeps fabricating"; in fact it hit any relator and was a detector self-contradiction). Fix: a **three-tier corpus** — `FabricationDetectionCorpus` gains a `priorDraftCorpus` field; operational assertions are flagged only when **net-new** vs `{provenanceCorpus ∪ priorDraftCorpus}` (symmetric with the hex-token check). Preserved evidence is not fabrication; the task `narrativeCorpus` stays excluded so the v2.24.0 eee886d3 protection holds exactly. Signature unchanged; interface gains one field. **AUDIT-1 (MEDIUM)** — `scripts/runtime-smoke.ts` injected cost rate cards for only 4 peers (codex/claude/gemini/deepseek), but the public MCP path strips a caller's `peers` list (the v3.3.0 `lockCallerPeerSelection` lock), so every round runs the full 6-peer panel; grok + perplexity had no rate cards → `missingFinancialControlVars` tripped → the round finalized `outcome=max-rounds`/`financial_controls_missing` while runtime-smoke still printed `ok: true` with no assert. Fix: inject grok + perplexity rate cards (+ `CROSS_REVIEW_PERPLEXITY_DISABLE_SEARCH` and per-size request-fee defaults), and add explicit `assert` calls on every async flow's durable terminal `outcome` (review round + unanimity flow → `converged`, cancellation flow → `aborted`) placed before the `ok: true` print so a non-converging round fails the smoke loudly. **AUDIT-2 (LOW)** — `src/core/convergence.ts` comment imprecision: the skip was framed only as "the user declared no fallback models", but `fallback_exhausted` is in the skippable set and arises AFTER a declared fallback chain is drained; both comment blocks now split the skip into its two paths (no fallback declared → retry-same exhausted → skip; fallback declared, tried, and drained → also skip). Comment-only, zero logic change. New smoke marker `runtime_smoke_outcome_assert_test` + 2 new `relator_evidence_provenance_lock_test` cases source-pin the fixes. **Patch bump** (3.7.3 → 3.7.4). |
@@ -134,7 +136,7 @@ Build and run locally:
 
 ```bash
 npm install
-npm run build
+npm --registry=https://registry.npmjs.org run build
 node dist/src/mcp/server.js
 ```
 
@@ -142,7 +144,7 @@ For local smoke tests (no-cost):
 
 ```powershell
 $env:CROSS_REVIEW_STUB = "1"
-npm test
+npm --registry=https://registry.npmjs.org test
 ```
 
 ## Configuration

package/dist/scripts/smoke.js

@@ -639,13 +639,12 @@ assert.equal(mismatch.round.rejected.at(-1)?.failure_class, "silent_model_downgr
 assert.equal(mismatch.session.failed_attempts?.at(-1)?.failure_class, "silent_model_downgrade");
 // v3.7.4 (operator-directed, session ecd03404): `model_match` must
 // recognize a `-latest` alias resolving to a concrete dated id. xAI
-// returns `grok-4-0709` for the pinned `grok-4-latest`; pre-v3.7.4
-// `modelMatches()` flagged that as `silent_model_downgrade` because
-// `grok-4-0709` does not start with the literal `grok-4-latest-`. That
-// forced `status` to null (base.ts:315) and rejected the peer, making
-// unanimity unreachable on any panel including grok. The fix strips the
-// `-latest` suffix to the family stem and matches the reported id
-// against it; a genuine cross-family downgrade is still flagged.
+// returns family ids for the pinned `grok-4-latest`; pre-v3.7.4
+// `modelMatches()` flagged `grok-4-0709` as `silent_model_downgrade`
+// because it does not start with the literal `grok-4-latest-`. v4.0.5
+// extends the same family-stem rule to dot-release ids observed in live
+// xAI responses (`grok-4.3`). These are alias resolution, not downgrade.
+// A genuine cross-family downgrade is still flagged.
 {
     const aliasStub = new StubAdapter(config, "grok", "grok-4-latest");
     process.env.CROSS_REVIEW_STUB_REPORTED_MODEL = "grok-4-0709";
@@ -658,6 +657,17 @@ assert.equal(mismatch.session.failed_attempts?.at(-1)?.failure_class, "silent_mo
     delete process.env.CROSS_REVIEW_STUB_REPORTED_MODEL;
     assert.equal(aliasResult.model_match, true, `v3.7.4 / model-match: a \`-latest\` alias resolving to a concrete dated id (grok-4-latest → grok-4-0709) MUST match — not trip silent_model_downgrade (got model_match=${aliasResult.model_match})`);
     assert.notEqual(aliasResult.status, null, "v3.7.4 / model-match: a matched `-latest` alias must NOT force status to null (base.ts:315)");
+    const dotAliasStub = new StubAdapter(config, "grok", "grok-4-latest");
+    process.env.CROSS_REVIEW_STUB_REPORTED_MODEL = "grok-4.3";
+    const dotAliasResult = await dotAliasStub.call("model-match -latest dot alias probe", {
+        session_id: result.session.session_id,
+        round: 98,
+        task: "model-match -latest dot alias probe",
+        emit() { },
+    });
+    delete process.env.CROSS_REVIEW_STUB_REPORTED_MODEL;
+    assert.equal(dotAliasResult.model_match, true, `v4.0.5 / model-match: a \`-latest\` alias resolving to a dot-release id (grok-4-latest → grok-4.3) MUST match — not trip silent_model_downgrade (got model_match=${dotAliasResult.model_match})`);
+    assert.notEqual(dotAliasResult.status, null, "v4.0.5 / model-match: a matched `-latest` dot alias must NOT force status to null");
     const downgradeAliasStub = new StubAdapter(config, "grok", "grok-4-latest");
     process.env.CROSS_REVIEW_STUB_REPORTED_MODEL = "grok-3-fast";
     const downgradeAliasResult = await downgradeAliasStub.call("model-match cross-family downgrade probe", {
@@ -670,7 +680,9 @@ assert.equal(mismatch.session.failed_attempts?.at(-1)?.failure_class, "silent_mo
     assert.equal(downgradeAliasResult.model_match, false, `v3.7.4 / model-match: a genuine cross-family downgrade (grok-4-latest → grok-3-fast) MUST still be flagged (got model_match=${downgradeAliasResult.model_match})`);
     // Source pin: base.ts modelMatches must carry the `-latest` family-stem branch.
     const baseSrc = fs.readFileSync(path.resolve(process.cwd(), "src", "peers", "base.ts"), "utf8");
-    assert.ok(/endsWith\("-latest"\)/.test(baseSrc) && /familyStem/.test(baseSrc), "v3.7.4 / model-match: base.ts modelMatches must handle the `-latest` alias via a family-stem match");
+    assert.ok(/endsWith\("-latest"\)/.test(baseSrc) &&
+        /reportedModel\.startsWith\(`\$\{familyStem\}-`\)/.test(baseSrc) &&
+        /reportedModel\.startsWith\(`\$\{familyStem\}\.`\)/.test(baseSrc), "v4.0.5 / model-match: base.ts modelMatches must handle `-latest` aliases via hyphen and dot family-stem matches");
     console.log("[smoke] model_match_latest_alias_test: PASS");
 }
 const focusSecret = ["sk", "test", "B".repeat(24)].join("-");
@@ -1165,7 +1177,8 @@ assert.equal(Object.hasOwn(metrics.decision_quality, "undefined"), false);
 // (c) does NOT scan the accumulated buffer per delta — the contract is
 // `append measures only delta`.
 {
-    const { StreamBuffer, StreamBufferOverflowError, STREAM_TEXT_MAX_BYTES } = await import("../src/peers/base.js");
+    const baseMod = await import("../src/peers/base.js");
+    const { StreamBuffer, StreamBufferOverflowError, STREAM_TEXT_MAX_BYTES } = baseMod;
     const buffer = new StreamBuffer("smoke-peer");
     buffer.append("hello world");
     assert.equal(buffer.text(), "hello world");
@@ -2530,7 +2543,8 @@ assert.equal(Object.hasOwn(metrics.decision_quality, "undefined"), false);
 // Chamada explícita com caller=claude e lead_peer=claude DEVE lançar
 // CallerCannotBeLeadPeerError. Sem fallback silencioso pra sorteio.
 {
-    const { assertLeadPeerNotCaller, CallerCannotBeLeadPeerError } = await import("../src/core/relator-lottery.js");
+    const lotteryMod1 = await import("../src/core/relator-lottery.js");
+    const { assertLeadPeerNotCaller, CallerCannotBeLeadPeerError } = lotteryMod1;
     let threw = false;
     try {
         assertLeadPeerNotCaller("claude", "claude");
@@ -2598,7 +2612,8 @@ assert.equal(Object.hasOwn(metrics.decision_quality, "undefined"), false);
 // (não PEERS global). Sem isso, caller=claude com peers=["codex","gemini"]
 // poderia atribuir deepseek (não-participante) como lead_peer.
 {
-    const { assignRelator, resolveLeadPeer, LeadPeerNotInSessionError } = await import("../src/core/relator-lottery.js");
+    const lotteryMod2 = await import("../src/core/relator-lottery.js");
+    const { assignRelator, resolveLeadPeer, LeadPeerNotInSessionError } = lotteryMod2;
     // (1) Subset com 2 peers + caller=claude → assigned ∈ subset.
     for (let i = 0; i < 50; i++) {
         const a = assignRelator("claude", ["codex", "gemini"]);
@@ -3677,7 +3692,8 @@ assert.equal(Object.hasOwn(metrics.decision_quality, "undefined"), false);
 // none/low/medium/high). Other Grok models (per xAI docs) reject the
 // param OR auto-apply reasoning internally, so we omit it.
 {
-    const { modelAcceptsReasoningEffort, GROK_REASONING_EFFORT_MODELS } = await import("../src/peers/grok.js");
+    const grokMod = await import("../src/peers/grok.js");
+    const { modelAcceptsReasoningEffort, GROK_REASONING_EFFORT_MODELS } = grokMod;
     // Allowlist contract: grok-4.20-multi-agent + grok-4.3.
     assert.equal(modelAcceptsReasoningEffort("grok-4.20-multi-agent"), true);
     assert.equal(modelAcceptsReasoningEffort("grok-4.3"), true);
@@ -4771,7 +4787,8 @@ assert.equal(Object.hasOwn(metrics.decision_quality, "undefined"), false);
     assert.ok(!/CROSS_REVIEW_EVIDENCE_JUDGE_MAX_ITEMS_PER_PASS\s*\?\?\s*"8"/.test(configSrc), 'v2.18.5 / P1.4: legacy `?? "8"` default is gone (would silently double the worst-case judge call budget)');
     // (4) Behavioral: loadConfig() with env unset returns max_items_per_pass = 4.
     delete process.env.CROSS_REVIEW_EVIDENCE_JUDGE_MAX_ITEMS_PER_PASS;
-    const { loadConfig: loadConfigFresh } = await import(`../src/core/config.js?max_items_4=${Date.now()}`);
+    const freshConfigMod = await import(`../src/core/config.js?max_items_4=${Date.now()}`);
+    const { loadConfig: loadConfigFresh } = freshConfigMod;
     const cfg4 = loadConfigFresh();
     assert.equal(cfg4.evidence_judge_autowire.max_items_per_pass, 4, `v2.18.5 / P1.4: loadConfig() with env unset returns max_items_per_pass=4 (got ${cfg4.evidence_judge_autowire.max_items_per_pass})`);
     console.log("[smoke] max_items_per_pass_default_anti_drift_test: PASS");
@@ -4855,7 +4872,8 @@ assert.equal(Object.hasOwn(metrics.decision_quality, "undefined"), false);
 // the new prompt caching surface. Pure-function tests (no API keys
 // required); they pin the structural invariants the runtime depends on.
 {
-    const { buildPromptParts, hashStablePrefix, assertHashInvariant, pairScopedCacheKey } = await import("../src/core/prompt-parts.js");
+    const promptPartsMod = await import("../src/core/prompt-parts.js");
+    const { buildPromptParts, hashStablePrefix, assertHashInvariant, pairScopedCacheKey } = promptPartsMod;
     const baseInput = {
         cacheSchemaVersion: "v1",
         systemRole: "You are a peer reviewer.",
@@ -4903,7 +4921,8 @@ assert.equal(Object.hasOwn(metrics.decision_quality, "undefined"), false);
     console.log("[smoke] cache_rates_no_runtime_import_test: PASS");
     // (4) cache_manifest_atomic_write_test — write + multiple appends
     //     preserve every entry.
-    const { writeCacheManifest, appendCacheManifestEntry, readCacheManifest } = await import("../src/core/cache-manifest.js");
+    const cacheManifestMod = await import("../src/core/cache-manifest.js");
+    const { writeCacheManifest, appendCacheManifestEntry, readCacheManifest } = cacheManifestMod;
     const manifestSession = "550e8400-e29b-41d4-a716-446655440099";
     const manifestData = {
         session_id: manifestSession,
@@ -6144,6 +6163,99 @@ assert.equal(Object.hasOwn(metrics.decision_quality, "undefined"), false);
     assert.equal(pl.name, "@lcv-ideas-software/cross-review", `v4.0.2 / AUDIT-1: package-lock.json .name must be "@lcv-ideas-software/cross-review"; got "${pl.name}".`);
     console.log("[smoke] package_version_consistency_test: PASS");
 }
+// v4.0.5 (AUDIT-2..6, Codex hard-gate close-out 2026-05-15):
+// anti-drift checks for post-rename docs, no-fallback wording, registry
+// artifact verification and agent-instruction history.
+{
+    const docsPath = path.join(process.cwd(), "docs", "model-selection.md");
+    const docsSrc = fs.readFileSync(docsPath, "utf8");
+    const staleV2ThinkingPhrase = "Cross-review-" + "v2 is optimized";
+    const staleGeminiFallbackPhrase = "Gemini 2.5 Pro " + "fallback";
+    const missingCapabilityReport = "docs/reports/cross-review" + "-api-capability-smoke-2026-04-30.md";
+    assert.ok(docsSrc.includes("Cross-review is optimized for correctness over latency and cost."), "v4.0.5 / AUDIT-2: docs/model-selection.md must use the post-v4 product name in the thinking section.");
+    assert.ok(!docsSrc.includes(staleV2ThinkingPhrase), "v4.0.5 / AUDIT-2: stale v2 product-name wording must not return.");
+    assert.ok(!docsSrc.includes(staleGeminiFallbackPhrase), "v4.0.5 / AUDIT-2: Gemini docs must not describe the pinned model as a fallback.");
+    assert.ok(!docsSrc.includes(missingCapabilityReport), "v4.0.5 / AUDIT-2: docs must not link to the missing post-rename capability-smoke filename.");
+    assert.ok(docsSrc.includes("docs/reports/cross-review-v2-api-capability-smoke-2026-04-30.md"), "v4.0.5 / AUDIT-2: docs must link to the existing historical v2 capability-smoke report.");
+    assert.ok(fs.existsSync(path.join(process.cwd(), "docs", "reports", "cross-review-v2-api-capability-smoke-2026-04-30.md")), "v4.0.5 / AUDIT-2: linked historical capability-smoke report must exist.");
+    console.log("[smoke] docs_model_selection_rename_and_link_test: PASS");
+}
+{
+    const modelSelectionSrc = fs.readFileSync(path.join(process.cwd(), "src", "peers", "model-selection.ts"), "utf8");
+    const staleFallbackReason = "using the current " + "fallback";
+    assert.ok(!modelSelectionSrc.includes(staleFallbackReason), "v4.0.5 / AUDIT-3: model-selection reason text must not claim fallback use.");
+    assert.ok(modelSelectionSrc.includes("keeping the configured model pin"), "v4.0.5 / AUDIT-3: model-selection failure paths must describe keeping the configured model pin.");
+    assert.ok(modelSelectionSrc.includes("no-fallback policy"), "v4.0.5 / AUDIT-3: no-fallback policy wording must remain visible in model selection.");
+    console.log("[smoke] model_selection_no_fallback_wording_test: PASS");
+}
+{
+    const instructionFiles = [
+        ["copilot", path.join(process.cwd(), ".github", "copilot-instructions.md")],
+        ["gemini", path.join(process.cwd(), ".ai", "GEMINI.md")],
+    ];
+    for (const [label, filePath] of instructionFiles) {
+        if (!fs.existsSync(filePath))
+            continue;
+        const src = fs.readFileSync(filePath, "utf8");
+        assert.ok(src.includes("renomeado de `@lcv-ideas-software/cross-review-v2` no rename total Phase 2"), `v4.0.5 / AUDIT-4: ${label} agent instructions must preserve cross-review-v2 -> cross-review history.`);
+        assert.ok(!src.includes("renomeado de `@lcv-ideas-software/cross-review` no rename total Phase 2"), `v4.0.5 / AUDIT-4: ${label} agent instructions must not contain the tautological rename.`);
+    }
+    console.log("[smoke] agent_instruction_rename_history_test: PASS");
+}
+{
+    const pkg = JSON.parse(fs.readFileSync(path.join(process.cwd(), "package.json"), "utf8"));
+    const script = String(pkg.scripts?.["release:verify-registry"] ?? "");
+    assert.ok(script.includes("verify-registry-dist.mjs"), "v4.0.5 / AUDIT-6: package.json must expose release:verify-registry.");
+    const verifyScript = fs.readFileSync(path.join(process.cwd(), "scripts", "verify-registry-dist.mjs"), "utf8");
+    for (const required of ["dist", "shasum", "integrity", "tarball"]) {
+        assert.ok(verifyScript.includes(required), `v4.0.5 / AUDIT-6: verify-registry-dist.mjs must validate npm registry dist.${required}.`);
+    }
+    const publishWorkflow = fs.readFileSync(path.join(process.cwd(), ".github", "workflows", "publish.yml"), "utf8");
+    assert.ok(publishWorkflow.includes("npm --registry=https://registry.npmjs.org run release:verify-registry"), "v4.0.5 / AUDIT-6: publish workflow must verify npm registry artifact metadata after publication.");
+    console.log("[smoke] registry_dist_metadata_verification_test: PASS");
+}
+{
+    const npmRegistryArg = "--registry=https://registry.npmjs.org";
+    const isAllowedNpmCommand = (command) => {
+        const afterNpm = command.trim().replace(/^.*?\bnpm\s+/, "");
+        return /^(ci|install|update)\b/.test(afterNpm) || afterNpm.startsWith(npmRegistryArg);
+    };
+    const extractNpmShellCommand = (line) => {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("#"))
+            return undefined;
+        if (trimmed.startsWith("run: npm "))
+            return trimmed.slice("run: ".length);
+        if (trimmed.startsWith("npm "))
+            return trimmed;
+        if (trimmed.startsWith("if npm "))
+            return trimmed.slice("if ".length);
+        return undefined;
+    };
+    for (const workflowPath of [
+        path.join(process.cwd(), ".github", "workflows", "ci.yml"),
+        path.join(process.cwd(), ".github", "workflows", "publish.yml"),
+    ]) {
+        const workflowSrc = fs.readFileSync(workflowPath, "utf8");
+        workflowSrc.split(/\r?\n/).forEach((line, index) => {
+            const command = extractNpmShellCommand(line);
+            if (!command)
+                return;
+            assert.ok(isAllowedNpmCommand(command), `v4.0.5 / npm-registry: ${path.basename(workflowPath)}:${index + 1} must pass ${npmRegistryArg} unless it is dependency install/update.`);
+        });
+        assert.ok(!workflowSrc.includes("execFileSync('npm', ['--version']"), `v4.0.5 / npm-registry: ${path.basename(workflowPath)} npm subprocess checks must pass ${npmRegistryArg}.`);
+    }
+    const pkg = JSON.parse(fs.readFileSync(path.join(process.cwd(), "package.json"), "utf8"));
+    for (const [name, script] of Object.entries(pkg.scripts ?? {})) {
+        for (const part of script.split("&&")) {
+            const trimmed = part.trim();
+            if (!trimmed.startsWith("npm "))
+                continue;
+            assert.ok(isAllowedNpmCommand(trimmed), `v4.0.5 / npm-registry: package script ${name} must pass ${npmRegistryArg} unless it is dependency install/update.`);
+        }
+    }
+    console.log("[smoke] npm_registry_discipline_test: PASS");
+}
 // v2.6.1 NOTE: smoke coverage for `peer.fallback.budget_blocked` and
 // `peer.moderation_recovery.budget_blocked` is intentionally NOT
 // included. These two gates use the same arithmetic shape as preflight