@llm-dev-ops/agentics-cli 2.1.5 → 2.4.0

package/dist/pipeline/auto-chain.js

@@ -87,6 +87,1307 @@ function copyDirRecursive(src, dest) {
  * Called after every phase so even if later phases fail, earlier artifacts
  * are still available.
  */
+/**
+ * ADR-PIPELINE-074: scaffold body for `src/logger.ts`.
+ *
+ * Uses `node:async_hooks` AsyncLocalStorage so concurrent Express/Hono
+ * requests NEVER cross-contaminate log lines. The legacy
+ * `let currentCorrelationId` module-level mutable has been removed; any
+ * generator that reintroduces it is caught by PGV-016.
+ *
+ * Exports:
+ *   - `Logger` interface with info/warn/error/child
+ *   - `createLogger(service)` factory
+ *   - `runWithCorrelation(id, fn)` — wraps an async scope with the ID
+ *   - `getCorrelationId()` — returns the ID for the current async scope
+ *   - `setCorrelationId(id)` — legacy shim; mutates the current store
+ */
+export const LOGGER_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-074)
+// Correlation IDs flow through an AsyncLocalStorage so concurrent requests
+// never cross-contaminate log lines. Import runWithCorrelation + createLogger
+// from here; NEVER reach for a module-level mutable to store the ID.
+import { AsyncLocalStorage } from 'node:async_hooks';
+
+export interface Logger {
+  info(event: string, data?: Record<string, unknown>): void;
+  warn(event: string, data?: Record<string, unknown>): void;
+  error(event: string, error: Error, data?: Record<string, unknown>): void;
+  child(bindings: Record<string, unknown>): Logger;
+}
+
+interface LoggerContext {
+  correlationId?: string;
+  bindings: Record<string, unknown>;
+}
+
+const storage = new AsyncLocalStorage<LoggerContext>();
+
+/**
+ * Run \`fn\` with \`correlationId\` installed in the current async scope.
+ * Every log line emitted inside \`fn\` and its async descendants will carry
+ * this ID, and it will NOT leak to other concurrent requests.
+ */
+export function runWithCorrelation<T>(correlationId: string, fn: () => T): T {
+  const parent = storage.getStore();
+  const ctx: LoggerContext = {
+    correlationId,
+    bindings: parent?.bindings ?? {},
+  };
+  return storage.run(ctx, fn);
+}
+
+/** Returns the correlation ID for the current async scope, if any. */
+export function getCorrelationId(): string | undefined {
+  return storage.getStore()?.correlationId;
+}
+
+/**
+ * Back-compat shim — deprecated. Retained for legacy callers, but
+ * SHOULD NOT be used inside request handlers. Use runWithCorrelation.
+ * Under AsyncLocalStorage, this mutates the current store in place;
+ * outside an async scope it is a silent no-op.
+ */
+export function setCorrelationId(id: string | undefined): void {
+  const ctx = storage.getStore();
+  if (ctx) ctx.correlationId = id;
+}
+
+export function createLogger(service: string): Logger {
+  const build = (bindings: Record<string, unknown>): Logger => {
+    const emit = (level: string, event: string, extra?: Record<string, unknown>): void => {
+      const ctx = storage.getStore();
+      const entry = {
+        timestamp: new Date().toISOString(),
+        level,
+        service,
+        event,
+        ...(ctx?.correlationId ? { correlationId: ctx.correlationId } : {}),
+        ...bindings,
+        ...(ctx?.bindings ?? {}),
+        ...extra,
+      };
+      process.stderr.write(JSON.stringify(entry) + '\\n');
+    };
+    return {
+      info: (event, data) => emit('info', event, data),
+      warn: (event, data) => emit('warn', event, data),
+      error: (event, err, data) => emit('error', event, {
+        error: err.message,
+        stack: err.stack,
+        ...data,
+      }),
+      child: (childBindings) => build({ ...bindings, ...childBindings }),
+    };
+  };
+  return build({});
+}
+`;
+/**
+ * ADR-PIPELINE-074: concurrency-correctness test emitted alongside
+ * `src/logger.ts` in every generated project. Fails loudly if
+ * AsyncLocalStorage wiring regresses.
+ */
+export const LOGGER_CONCURRENCY_TEST_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-074)
+// Proves correlation IDs do NOT leak across concurrent async tasks.
+// Works with vitest and jest — both expose describe/it/expect as globals.
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import { describe, it, expect } from 'vitest';
+import { runWithCorrelation, getCorrelationId } from './logger.js';
+
+describe('logger correlation-id async scoping (ADR-PIPELINE-074)', () => {
+  it('does not leak correlation IDs across concurrent async tasks', async () => {
+    const results: Array<{ requested: string; observed: string | undefined }> = [];
+    const tasks: Promise<void>[] = [];
+    for (let i = 0; i < 50; i++) {
+      const id = \`req-\${i}\`;
+      tasks.push(
+        runWithCorrelation(id, async () => {
+          await new Promise((r) => setTimeout(r, Math.random() * 10));
+          results.push({ requested: id, observed: getCorrelationId() });
+        }),
+      );
+    }
+    await Promise.all(tasks);
+    for (const r of results) {
+      expect(r.observed).toBe(r.requested);
+    }
+  });
+});
+`;
+/**
+ * ADR-PIPELINE-068: scaffold body for `src/simulation-lineage.ts`.
+ *
+ * Exported so unit tests can write the file to a temp directory and
+ * exercise the runtime behavior (env override, manifest walk, fallback)
+ * without having to spin up the full pipeline.
+ *
+ * Invariants enforced by tests:
+ * - Uses `readFileSync` + `fileURLToPath` (NEVER `require(`)
+ * - Exports `loadSimulationLineage`, `requireSimulationLineage`,
+ *   `formatLineageBanner`, and the legacy `loadSimulationId` alias
+ * - Walks up at most 6 directories from the module location and from cwd
+ */
+export const SIMULATION_LINEAGE_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-068)
+// ESM-safe simulation lineage loader. Reads .agentics/plans/manifest.json
+// (or .agentics/runs/latest/manifest.json) using readFileSync — never
+// CommonJS require(). Do NOT reimplement this helper; import from it.
+import { readFileSync, existsSync } from 'node:fs';
+import { resolve, dirname, join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+export type SimulationLineageSource = 'env' | 'manifest' | 'fallback';
+
+export interface SimulationLineage {
+  readonly simulationId: string;
+  readonly traceId: string;
+  readonly runId: string;
+  readonly source: SimulationLineageSource;
+  readonly manifestPath?: string;
+}
+
+const MANIFEST_CANDIDATES: readonly string[] = [
+  '.agentics/plans/manifest.json',
+  '.agentics/runs/latest/manifest.json',
+];
+
+const WALK_DEPTH = 6;
+
+/** Walk up from startDir looking for any manifest candidate path. */
+function findManifest(startDir: string): string | null {
+  let dir = startDir;
+  for (let i = 0; i < WALK_DEPTH; i++) {
+    for (const rel of MANIFEST_CANDIDATES) {
+      const candidate = resolve(dir, rel);
+      if (existsSync(candidate)) return candidate;
+    }
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return null;
+}
+
+function moduleDir(): string {
+  try {
+    return dirname(fileURLToPath(import.meta.url));
+  } catch {
+    return process.cwd();
+  }
+}
+
+/**
+ * Load the simulation lineage. Permissive — returns a fallback record when
+ * nothing is available. Callers who need strict behavior should use
+ * requireSimulationLineage() instead.
+ *
+ * Resolution order:
+ *   1. AGENTICS_SIMULATION_ID / AGENTICS_TRACE_ID environment variables
+ *   2. First manifest.json found walking up from this module (then cwd)
+ *   3. Fallback record with source='fallback'
+ */
+export function loadSimulationLineage(): SimulationLineage {
+  const envSim = process.env['AGENTICS_SIMULATION_ID'];
+  const envTrace = process.env['AGENTICS_TRACE_ID'];
+  if (envSim) {
+    return {
+      simulationId: envSim,
+      traceId: envTrace ?? envSim,
+      runId: envSim,
+      source: 'env',
+    };
+  }
+
+  const startDirs = [moduleDir(), process.cwd()];
+  for (const start of startDirs) {
+    try {
+      const manifestPath = findManifest(start);
+      if (!manifestPath) continue;
+      const raw = JSON.parse(readFileSync(manifestPath, 'utf-8')) as Record<string, unknown>;
+      const runId = String(raw['run_id'] ?? raw['runId'] ?? '');
+      const simulationId = String(
+        raw['simulation_id'] ?? raw['simulationId'] ?? raw['execution_id'] ?? runId,
+      );
+      const traceId = String(raw['trace_id'] ?? raw['traceId'] ?? simulationId);
+      if (simulationId) {
+        return { simulationId, traceId, runId: runId || simulationId, source: 'manifest', manifestPath };
+      }
+    } catch {
+      // Try the next start dir. Never throw from the permissive loader.
+    }
+  }
+
+  return {
+    simulationId: 'sim-unknown',
+    traceId: 'trace-unknown',
+    runId: 'run-unknown',
+    source: 'fallback',
+  };
+}
+
+/**
+ * Strict variant — throws ECLI-LIN-068 when no simulation lineage is
+ * available. Use this at startup when the service MUST carry a real
+ * simulation id (audit logs, ERP posts, etc.).
+ */
+export function requireSimulationLineage(): SimulationLineage {
+  const lineage = loadSimulationLineage();
+  if (lineage.source === 'fallback') {
+    throw new Error(
+      'ECLI-LIN-068: simulation lineage unavailable — set AGENTICS_SIMULATION_ID or place .agentics/plans/manifest.json in the project tree',
+    );
+  }
+  return lineage;
+}
+
+/**
+ * Human-readable banner printed by the demo script when the loader falls
+ * back. Makes the break visible instead of letting sim-unknown leak into
+ * downstream audit logs and ERP posts.
+ */
+export function formatLineageBanner(lineage: SimulationLineage): string {
+  if (lineage.source !== 'fallback') {
+    return \`simulation lineage: \${lineage.simulationId} (source: \${lineage.source})\`;
+  }
+  return [
+    '',
+    '⚠️  Simulation lineage unavailable (source: fallback)',
+    '    All audit entries and ERP posts will carry sim-unknown.',
+    '    Fix: place .agentics/plans/manifest.json in the project tree,',
+    '    or set AGENTICS_SIMULATION_ID=<run-id> before running the demo.',
+    '',
+  ].join('\\n');
+}
+
+/** Also exported under the legacy alias some older prompts referenced. */
+export const loadSimulationId = (): string => loadSimulationLineage().simulationId;
+`;
+/**
+ * ADR-PIPELINE-069: scaffold body for `src/circuit-breaker.ts`.
+ *
+ * Extracted from the legacy middleware.ts scaffold so generators can
+ * `import { CircuitBreaker } from './circuit-breaker.js'` without pulling
+ * the entire middleware module. middleware.ts now re-exports this symbol
+ * so existing imports keep working.
+ */
+export const CIRCUIT_BREAKER_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-069)
+// Owned by the scaffold — do NOT redeclare CircuitBreaker in generated code.
+import { createLogger } from './logger.js';
+
+/** Simple circuit breaker for external service calls. */
+export class CircuitBreaker {
+  private failures = 0;
+  private state: 'closed' | 'open' | 'half-open' = 'closed';
+  private nextAttempt = 0;
+
+  constructor(
+    private readonly name: string,
+    private readonly threshold = 5,
+    private readonly cooldownMs = 30000,
+    private readonly logger = createLogger('circuit-breaker'),
+  ) {}
+
+  async call<T>(fn: () => Promise<T>): Promise<T> {
+    if (this.state === 'open') {
+      if (Date.now() < this.nextAttempt) {
+        throw new Error(\`Circuit breaker '\${this.name}' is OPEN — retry after \${new Date(this.nextAttempt).toISOString()}\`);
+      }
+      this.state = 'half-open';
+      this.logger.info('circuit.half-open', { name: this.name });
+    }
+    try {
+      const result = await fn();
+      if (this.state === 'half-open') {
+        this.state = 'closed';
+        this.failures = 0;
+        this.logger.info('circuit.closed', { name: this.name });
+      }
+      return result;
+    } catch (err) {
+      this.failures++;
+      if (this.failures >= this.threshold) {
+        this.state = 'open';
+        this.nextAttempt = Date.now() + this.cooldownMs;
+        this.logger.warn('circuit.open', { name: this.name, failures: this.failures, retryAt: new Date(this.nextAttempt).toISOString() });
+      }
+      throw err;
+    }
+  }
+
+  getState(): string { return this.state; }
+}
+`;
+/**
+ * ADR-PIPELINE-075: scaffold body for `src/persistence/repository.ts`.
+ *
+ * Defines the `Repository<T>` interface every stateful service should
+ * depend on. Each entity is identified by `idOf(entity)`, validated by a
+ * Zod schema on read, and bound to a table name for the SQLite backend.
+ */
+export const REPOSITORY_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-075)
+// Repository interface every stateful service should depend on.
+// Generators: use this instead of storing state in a Map<string, T>.
+import type { ZodType } from 'zod';
+
+export interface Repository<T> {
+  save(entity: T): Promise<void>;
+  get(id: string): Promise<T | null>;
+  list(filter?: Partial<T>): Promise<readonly T[]>;
+  delete(id: string): Promise<void>;
+}
+
+export interface RepositoryOptions<T> {
+  /** How to extract the primary key from an entity. */
+  readonly idOf: (entity: T) => string;
+  /** Zod schema used to re-validate rows on load (SQLite JSON columns are untrusted). */
+  readonly schema: ZodType<T>;
+  /** Table name for SQLite backend. Must match /^[a-zA-Z_][a-zA-Z0-9_]*$/. */
+  readonly tableName: string;
+}
+
+/** Errors thrown by all Repository implementations. */
+export class RepositoryError extends Error {
+  constructor(message: string, public readonly code: string) {
+    super(\`\${code}: \${message}\`);
+    this.name = 'RepositoryError';
+  }
+}
+`;
+/**
+ * ADR-PIPELINE-075: scaffold body for `src/persistence/in-memory-repository.ts`.
+ *
+ * Test-friendly `Repository<T>` implementation backed by a Map. Validates
+ * on write AND read so test fixtures catch schema drift. Production
+ * services should swap in SqliteRepository via the composition root.
+ */
+export const IN_MEMORY_REPO_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-075)
+// In-memory Repository<T> for tests. Not for production use.
+import type { Repository, RepositoryOptions } from './repository.js';
+
+export class InMemoryRepository<T> implements Repository<T> {
+  private readonly rows = new Map<string, T>();
+  constructor(private readonly options: RepositoryOptions<T>) {}
+
+  async save(entity: T): Promise<void> {
+    const validated = this.options.schema.parse(entity);
+    this.rows.set(this.options.idOf(validated), validated);
+  }
+
+  async get(id: string): Promise<T | null> {
+    const row = this.rows.get(id);
+    return row === undefined ? null : row;
+  }
+
+  async list(filter?: Partial<T>): Promise<readonly T[]> {
+    const all = Array.from(this.rows.values());
+    if (!filter) return all;
+    return all.filter(row =>
+      Object.entries(filter).every(
+        ([k, v]) => (row as Record<string, unknown>)[k] === v,
+      ),
+    );
+  }
+
+  async delete(id: string): Promise<void> {
+    this.rows.delete(id);
+  }
+
+  /** Test helper — never call from production code. */
+  clear(): void {
+    this.rows.clear();
+  }
+
+  /** Test helper — returns the current row count. */
+  get size(): number {
+    return this.rows.size;
+  }
+}
+`;
+/**
+ * ADR-PIPELINE-075: scaffold body for `src/persistence/sqlite-repository.ts`.
+ *
+ * Production `Repository<T>` backed by better-sqlite3. Stores each entity
+ * as a JSON column keyed by its primary key. Zod re-validates on read
+ * because the JSON column is untrusted at runtime.
+ *
+ * Generated projects must add better-sqlite3 + @types/better-sqlite3 to
+ * their package.json — the cross-cutting prompt footer reminds the coding
+ * agent to include these deps.
+ */
+export const SQLITE_REPO_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-075)
+// SQLite-backed Repository<T> using better-sqlite3.
+// Requires: better-sqlite3 in dependencies, @types/better-sqlite3 in devDependencies.
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import type { Repository, RepositoryOptions } from './repository.js';
+import { RepositoryError } from './repository.js';
+
+// Minimal structural type — works with better-sqlite3 without importing it
+// into the scaffold (so the scaffold compiles even when the dependency
+// isn't installed in the pipeline's own test environment).
+export interface BetterSqliteDatabase {
+  exec(sql: string): void;
+  prepare(sql: string): {
+    run(...params: any[]): { changes: number; lastInsertRowid: number | bigint };
+    get(...params: any[]): any;
+    all(...params: any[]): any[];
+  };
+}
+
+export interface SqliteRepositoryDeps {
+  readonly db: BetterSqliteDatabase;
+}
+
+export class SqliteRepository<T> implements Repository<T> {
+  constructor(
+    private readonly deps: SqliteRepositoryDeps,
+    private readonly options: RepositoryOptions<T>,
+  ) {
+    this.assertSafeTableName();
+    this.deps.db.exec(\`
+      CREATE TABLE IF NOT EXISTS \${this.options.tableName} (
+        id TEXT PRIMARY KEY,
+        data TEXT NOT NULL,
+        updated_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ','now'))
+      );
+    \`);
+  }
+
+  private assertSafeTableName(): void {
+    if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(this.options.tableName)) {
+      throw new RepositoryError(\`unsafe table name: \${this.options.tableName}\`, 'ECLI-REPO-001');
+    }
+  }
+
+  async save(entity: T): Promise<void> {
+    const validated = this.options.schema.parse(entity);
+    const id = this.options.idOf(validated);
+    const data = JSON.stringify(validated);
+    this.deps.db
+      .prepare(
+        \`INSERT INTO \${this.options.tableName} (id, data) VALUES (?, ?)
+         ON CONFLICT(id) DO UPDATE SET data = excluded.data,
+           updated_at = strftime('%Y-%m-%dT%H:%M:%fZ','now')\`,
+      )
+      .run(id, data);
+  }
+
+  async get(id: string): Promise<T | null> {
+    const row = this.deps.db
+      .prepare(\`SELECT data FROM \${this.options.tableName} WHERE id = ?\`)
+      .get(id) as { data: string } | undefined;
+    if (!row) return null;
+    return this.options.schema.parse(JSON.parse(row.data));
+  }
+
+  async list(filter?: Partial<T>): Promise<readonly T[]> {
+    const rows = this.deps.db
+      .prepare(\`SELECT data FROM \${this.options.tableName}\`)
+      .all() as Array<{ data: string }>;
+    const parsed = rows.map(r => this.options.schema.parse(JSON.parse(r.data)));
+    if (!filter) return parsed;
+    return parsed.filter(row =>
+      Object.entries(filter).every(
+        ([k, v]) => (row as Record<string, unknown>)[k] === v,
+      ),
+    );
+  }
+
+  async delete(id: string): Promise<void> {
+    this.deps.db.prepare(\`DELETE FROM \${this.options.tableName} WHERE id = ?\`).run(id);
+  }
+}
+`;
+/**
+ * ADR-PIPELINE-075: scaffold body for `src/persistence/audit-repository.ts`.
+ *
+ * Append-only audit repository. NO update, NO delete — an audit entry is
+ * committed and lives forever. Services that need to mutate a past entry
+ * have to bypass the repository and talk raw SQL, which PGV and code
+ * review will catch.
+ */
+export const AUDIT_REPO_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-075)
+// Append-only audit repository. No update, no delete by design.
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import type { BetterSqliteDatabase } from './sqlite-repository.js';
+
+export interface AuditEntry {
+  readonly entryId: string;
+  readonly prevHash: string;
+  readonly hash: string;
+  readonly payload: Record<string, unknown>;
+  readonly actor: string;
+  readonly action: string;
+  readonly entityType: string;
+  readonly entityId: string;
+  readonly createdAt: string;
+}
+
+export interface AuditRepositoryDeps {
+  readonly db: BetterSqliteDatabase;
+}
+
+export class AppendOnlyAuditRepository {
+  constructor(private readonly deps: AuditRepositoryDeps) {
+    this.deps.db.exec(\`
+      CREATE TABLE IF NOT EXISTS audit_log (
+        sequence INTEGER PRIMARY KEY AUTOINCREMENT,
+        entry_id TEXT NOT NULL UNIQUE,
+        prev_hash TEXT NOT NULL,
+        hash TEXT NOT NULL,
+        payload TEXT NOT NULL,
+        actor TEXT NOT NULL,
+        action TEXT NOT NULL,
+        entity_type TEXT NOT NULL,
+        entity_id TEXT NOT NULL,
+        created_at TEXT NOT NULL DEFAULT (strftime('%Y-%m-%dT%H:%M:%fZ','now'))
+      );
+      CREATE INDEX IF NOT EXISTS idx_audit_log_entity
+        ON audit_log(entity_type, entity_id);
+    \`);
+  }
+
+  append(entry: AuditEntry): void {
+    this.deps.db
+      .prepare(
+        \`INSERT INTO audit_log
+         (entry_id, prev_hash, hash, payload, actor, action, entity_type, entity_id, created_at)
+         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)\`,
+      )
+      .run(
+        entry.entryId,
+        entry.prevHash,
+        entry.hash,
+        JSON.stringify(entry.payload),
+        entry.actor,
+        entry.action,
+        entry.entityType,
+        entry.entityId,
+        entry.createdAt,
+      );
+  }
+
+  list(): readonly AuditEntry[] {
+    const rows = this.deps.db
+      .prepare(\`SELECT * FROM audit_log ORDER BY sequence ASC\`)
+      .all() as Array<{
+      entry_id: string;
+      prev_hash: string;
+      hash: string;
+      payload: string;
+      actor: string;
+      action: string;
+      entity_type: string;
+      entity_id: string;
+      created_at: string;
+    }>;
+    return rows.map(r => ({
+      entryId: r.entry_id,
+      prevHash: r.prev_hash,
+      hash: r.hash,
+      payload: JSON.parse(r.payload),
+      actor: r.actor,
+      action: r.action,
+      entityType: r.entity_type,
+      entityId: r.entity_id,
+      createdAt: r.created_at,
+    }));
+  }
+
+  listByEntity(entityType: string, entityId: string): readonly AuditEntry[] {
+    const rows = this.deps.db
+      .prepare(
+        \`SELECT * FROM audit_log
+         WHERE entity_type = ? AND entity_id = ?
+         ORDER BY sequence ASC\`,
+      )
+      .all(entityType, entityId) as Array<{
+      entry_id: string;
+      prev_hash: string;
+      hash: string;
+      payload: string;
+      actor: string;
+      action: string;
+      entity_type: string;
+      entity_id: string;
+      created_at: string;
+    }>;
+    return rows.map(r => ({
+      entryId: r.entry_id,
+      prevHash: r.prev_hash,
+      hash: r.hash,
+      payload: JSON.parse(r.payload),
+      actor: r.actor,
+      action: r.action,
+      entityType: r.entity_type,
+      entityId: r.entity_id,
+      createdAt: r.created_at,
+    }));
+  }
+
+  /** Total row count — used by verify() and reconciliation jobs. */
+  size(): number {
+    const row = this.deps.db
+      .prepare('SELECT COUNT(*) AS n FROM audit_log')
+      .get() as { n: number };
+    return row.n;
+  }
+}
+`;
+/**
+ * ADR-PIPELINE-078: scaffold body for `src/persistence/canonical-json.ts`.
+ *
+ * Deterministic JSON serialization for audit hash chains and idempotency
+ * keys. Follows JCS (RFC 8785) closely enough for the pipeline's needs:
+ * object keys are sorted lexicographically at every depth; arrays preserve
+ * order; strings, numbers, booleans, and null use standard JSON encoding.
+ *
+ * Rejects undefined, BigInt, and circular references. Date objects should
+ * be serialized as ISO strings at the boundary BEFORE passing to this
+ * function.
+ */
+export const CANONICAL_JSON_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-078)
+// Deterministic JSON for audit hash chains. Keys sorted at every depth.
+
+export class CanonicalJsonError extends Error {
+  constructor(message: string) {
+    super(\`ECLI-CJ-078: \${message}\`);
+    this.name = 'CanonicalJsonError';
+  }
+}
+
+/**
+ * Canonicalize \`value\` into a deterministic JSON string. Keys are sorted
+ * at every level; arrays preserve order; primitives use standard encoding.
+ */
+export function canonicalJson(value: unknown): string {
+  const visited = new WeakSet<object>();
+  return serialize(value, visited);
+}
+
+function serialize(value: unknown, visited: WeakSet<object>): string {
+  if (value === undefined) {
+    throw new CanonicalJsonError('undefined is not canonicalizable — pass null instead');
+  }
+  if (value === null) return 'null';
+  if (typeof value === 'boolean') return value ? 'true' : 'false';
+  if (typeof value === 'number') {
+    if (!Number.isFinite(value)) {
+      throw new CanonicalJsonError(\`non-finite number: \${String(value)}\`);
+    }
+    return JSON.stringify(value);
+  }
+  if (typeof value === 'string') {
+    return JSON.stringify(value);
+  }
+  if (typeof value === 'bigint') {
+    throw new CanonicalJsonError('BigInt is not canonicalizable — convert to string at the boundary');
+  }
+  if (Array.isArray(value)) {
+    if (visited.has(value)) throw new CanonicalJsonError('circular reference in array');
+    visited.add(value);
+    const parts = value.map(item => serialize(item, visited));
+    visited.delete(value);
+    return '[' + parts.join(',') + ']';
+  }
+  if (typeof value === 'object') {
+    if (visited.has(value as object)) throw new CanonicalJsonError('circular reference in object');
+    visited.add(value as object);
+    const record = value as Record<string, unknown>;
+    const keys = Object.keys(record).sort();
+    const pairs: string[] = [];
+    for (const key of keys) {
+      const v = record[key];
+      if (v === undefined) continue;
+      pairs.push(JSON.stringify(key) + ':' + serialize(v, visited));
+    }
+    visited.delete(value as object);
+    return '{' + pairs.join(',') + '}';
+  }
+  throw new CanonicalJsonError(\`unsupported value type: \${typeof value}\`);
+}
+`;
+/**
+ * ADR-PIPELINE-078: scaffold body for `src/persistence/audit-hash.ts`.
+ *
+ * Wraps `canonicalJson` with audit-log-specific conventions. Every
+ * generated `AuditService.append()` method should call `hashAuditEntry`
+ * rather than rolling its own `JSON.stringify + createHash` chain.
+ */
+export const AUDIT_HASH_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-078)
+// Audit hash-chain helper. Import hashAuditEntry instead of hand-rolling
+// createHash('sha256').update(JSON.stringify(...)).
+import { createHash } from 'node:crypto';
+import { canonicalJson } from './canonical-json.js';
+
+export interface HashChainInput {
+  readonly prevHash: string;
+  readonly entryId: string;
+  readonly actor: string;
+  readonly action: string;
+  readonly entityType: string;
+  readonly entityId: string;
+  readonly payload: unknown;
+  readonly createdAt: string;
+}
+
+/**
+ * Deterministically hash an audit entry's content + its link to the
+ * previous entry. Payload keys are sorted at every depth so mutations
+ * at any nesting level change the hash.
+ */
+export function hashAuditEntry(input: HashChainInput): string {
+  const body = canonicalJson({
+    prevHash: input.prevHash,
+    entryId: input.entryId,
+    actor: input.actor,
+    action: input.action,
+    entityType: input.entityType,
+    entityId: input.entityId,
+    payload: input.payload,
+    createdAt: input.createdAt,
+  });
+  return createHash('sha256').update(body).digest('hex');
+}
+`;
+/**
+ * ADR-PIPELINE-077: scaffold body for `src/erp/schema-provenance.ts`.
+ *
+ * Every generated ERP adapter file (schema.ts, <system>-adapter.ts, etc.)
+ * must export an `ERP_SCHEMA_PROVENANCE` constant of type
+ * `ErpSchemaProvenance` declaring whether the schema was invented,
+ * pulled from a catalog, or validated by an SME. Under
+ * `AGENTICS_ERP_STRICT=true`, `assertErpProvenanceOrFail` refuses to
+ * start when source='invented'. PGV-020 enforces presence, PGV-021
+ * enforces reviewer + catalog_version on validated entries.
+ */
+export const ERP_SCHEMA_PROVENANCE_SCAFFOLD = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-077)
+// Provenance tag for generated ERP schemas. MANDATORY on every file
+// under src/erp/ that exports Zod schemas targeting an external ERP.
+
+export type ErpProvenanceSource = 'invented' | 'catalog' | 'validated';
+
+export interface ErpSchemaProvenance {
+  /** Target ERP system — e.g. 'Ramco Aviation', 'Oracle OPERA', 'SAP S/4HANA'. */
+  readonly erp_system: string;
+  /** Specific module the schema targets — 'Flight Catering Order'. */
+  readonly module: string;
+  /** Validation stage: invented (no review), catalog (fields match), validated (SME-reviewed). */
+  readonly source: ErpProvenanceSource;
+  /** Version identifier of the catalog source, when known. */
+  readonly catalog_version: string | null;
+  /** ISO timestamp of SME review when source='validated'. */
+  readonly validated_at: string | null;
+  /** Reviewer name + role when source='validated'. */
+  readonly reviewer: { name: string; role: string } | null;
+  /** Free-text notes visible in startup logs and generated README. */
+  readonly notes: string;
+}
+
+/**
+ * Assert an ERP adapter is allowed to run in the current environment.
+ * Under AGENTICS_ERP_STRICT=true, source='invented' throws ECLI-ERP-077
+ * and the process exits with code 77.
+ */
+export function assertErpProvenanceOrFail(
+  provenance: ErpSchemaProvenance,
+  env: NodeJS.ProcessEnv = process.env,
+): void {
+  const strict = env['AGENTICS_ERP_STRICT'] === 'true';
+  if (strict && provenance.source === 'invented') {
+    throw new Error(
+      \`ECLI-ERP-077: ERP adapter for \${provenance.erp_system}/\${provenance.module} has source='invented' \` +
+      \`and AGENTICS_ERP_STRICT=true. Pilot deployment requires an SME review — set source='validated' \` +
+      \`and provide reviewer + catalog_version before enabling strict mode.\`,
+    );
+  }
+}
+
+/** Console-friendly banner for startup logs + demo output. */
+export function formatProvenanceBanner(provenance: ErpSchemaProvenance): string {
+  const icon = provenance.source === 'validated' ? '✅' :
+               provenance.source === 'catalog'   ? '🟡' :
+                                                    '⚠️ ';
+  const lines: string[] = [
+    \`\${icon} ERP SCHEMA PROVENANCE — \${provenance.erp_system} / \${provenance.module}\`,
+    \`   source: \${provenance.source}\`,
+  ];
+  if (provenance.catalog_version) lines.push(\`   catalog: \${provenance.catalog_version}\`);
+  if (provenance.validated_at) lines.push(\`   validated: \${provenance.validated_at}\`);
+  if (provenance.reviewer) lines.push(\`   reviewer: \${provenance.reviewer.name} (\${provenance.reviewer.role})\`);
+  if (provenance.source === 'invented') {
+    lines.push(
+      '   ',
+      '   WARNING: This schema has not been validated against a real ERP document catalog.',
+      '   Pilot deployment requires an SME review before the first live call.',
+      "   Set AGENTICS_ERP_STRICT=true in production to block runs until source='validated'.",
+    );
+  }
+  return lines.join('\\n');
+}
+
+/** Convenience wrapper — prints the banner to stderr. */
+export function printProvenanceBanner(provenance: ErpSchemaProvenance): void {
+  process.stderr.write(formatProvenanceBanner(provenance) + '\\n');
+}
+`;
+/**
+ * ADR-PIPELINE-076: scaffold body for `src/api/base-app.ts` (Hono variant).
+ *
+ * Ships a wire-complete base app so the coding agent never writes
+ * middleware/metrics/health plumbing from scratch. Generators extend
+ * via `createBaseApp({...}).route('/api/<domain>', yourRouter)` instead
+ * of rebuilding.
+ *
+ * Every generated project that imports `createBaseApp` gets:
+ *   - correlation middleware (AsyncLocalStorage-scoped, ADR-074)
+ *   - request logging with duration histogram
+ *   - GET /health/live       (process up check)
+ *   - GET /health/ready      (every readiness check passes)
+ *   - GET /metrics           (Prometheus text, ADR-051)
+ *   - structured error handler (last)
+ */
+export const BASE_APP_SCAFFOLD_HONO = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-076)
+// Wire-complete Hono app base. DO NOT rewrite — extend via
+// \`createBaseApp(deps).route('/api/...', yourRouter)\` from your routes module.
+import { Hono } from 'hono';
+import { randomUUID } from 'node:crypto';
+import { runWithCorrelation, createLogger } from '../logger.js';
+import { incrementCounter, recordHistogram, metricsHandler } from '../middleware.js';
+
+export interface HealthCheck {
+  readonly name: string;
+  readonly check: () => Promise<{ ok: boolean; detail?: string }>;
+}
+
+export interface BaseAppDeps {
+  readonly serviceName: string;
+  readonly version: string;
+  readonly readiness: readonly HealthCheck[];
+}
+
+export interface BaseAppContextVariables {
+  correlationId: string;
+  startedAt: number;
+}
+
+const baseLogger = createLogger('base-app');
+
+/**
+ * Build the wire-complete base app.
+ *
+ * Returned Hono instance already has:
+ *   - correlation ID middleware (AsyncLocalStorage-scoped)
+ *   - request logging with duration histogram
+ *   - GET /health/live       process-up check
+ *   - GET /health/ready      runs every registered check
+ *   - GET /metrics           Prometheus text format
+ *   - structured error handler
+ *
+ * Add domain routes with \`.route('/api/<domain>', yourRouter)\`.
+ */
+export function createBaseApp(
+  deps: BaseAppDeps,
+): Hono<{ Variables: BaseAppContextVariables }> {
+  const app = new Hono<{ Variables: BaseAppContextVariables }>();
+
+  // Correlation ID — MUST be first so every downstream log carries it
+  app.use('*', async (c, next) => {
+    const id = c.req.header('x-correlation-id') ?? randomUUID();
+    c.set('correlationId', id);
+    c.set('startedAt', Date.now());
+    c.header('X-Correlation-Id', id);
+    await runWithCorrelation(id, async () => {
+      await next();
+    });
+  });
+
+  // Request logging + metrics
+  app.use('*', async (c, next) => {
+    await next();
+    const durationMs = Date.now() - c.get('startedAt');
+    const status = c.res.status;
+    baseLogger.info('http.request', {
+      method: c.req.method,
+      path: c.req.path,
+      status,
+      durationMs,
+    });
+    incrementCounter('http_requests_total', {
+      method: c.req.method,
+      status: String(status),
+    });
+    recordHistogram('http_request_duration_ms', durationMs, {
+      method: c.req.method,
+    });
+  });
+
+  // Liveness — always returns OK if the process is running
+  app.get('/health/live', (c) => {
+    return c.json({
+      status: 'ok',
+      service: deps.serviceName,
+      version: deps.version,
+      uptime_sec: Math.round(process.uptime()),
+    });
+  });
+
+  // Readiness — runs every registered check
+  app.get('/health/ready', async (c) => {
+    const results: Array<{ name: string; ok: boolean; detail?: string }> = [];
+    for (const check of deps.readiness) {
+      try {
+        const r = await check.check();
+        results.push({ name: check.name, ok: r.ok, ...(r.detail ? { detail: r.detail } : {}) });
+      } catch (err) {
+        results.push({
+          name: check.name,
+          ok: false,
+          detail: err instanceof Error ? err.message : String(err),
+        });
+      }
+    }
+    const allOk = results.every((r) => r.ok);
+    return c.json(
+      { status: allOk ? 'ready' : 'not-ready', checks: results },
+      allOk ? 200 : 503,
+    );
+  });
+
+  // Metrics — Prometheus text format
+  app.get('/metrics', (c) => {
+    return c.text(metricsHandler(), 200, {
+      'Content-Type': 'text/plain; version=0.0.4',
+    });
+  });
+
+  // Error handler — last, so it catches everything above
+  app.onError((err, c) => {
+    baseLogger.error('http.error', err as Error, {
+      method: c.req.method,
+      path: c.req.path,
+    });
+    const status = (err as { httpStatus?: number }).httpStatus ?? 500;
+    return c.json(
+      {
+        error: {
+          message: err.message,
+          code: (err as { code?: string }).code ?? 'INTERNAL_ERROR',
+        },
+      },
+      status as 500,
+    );
+  });
+
+  return app;
+}
+`;
+/**
+ * ADR-PIPELINE-076: scaffold body for `src/api/base-app.ts` (Express variant).
+ *
+ * Used when the generator detects Express in Phase 4. Same guarantees as
+ * the Hono variant — wires correlation / logging / liveness / readiness
+ * / metrics / error handler in the correct order.
+ */
+export const BASE_APP_SCAFFOLD_EXPRESS = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-076)
+// Wire-complete Express app base. DO NOT rewrite — mount your routes
+// onto the returned \`app\` instance instead.
+/* eslint-disable @typescript-eslint/no-explicit-any */
+import express from 'express';
+import { randomUUID } from 'node:crypto';
+import { runWithCorrelation, createLogger } from '../logger.js';
+import { incrementCounter, recordHistogram, metricsHandlerExpress } from '../middleware.js';
+
+export interface HealthCheck {
+  readonly name: string;
+  readonly check: () => Promise<{ ok: boolean; detail?: string }>;
+}
+
+export interface BaseAppDeps {
+  readonly serviceName: string;
+  readonly version: string;
+  readonly readiness: readonly HealthCheck[];
+}
+
+const baseLogger = createLogger('base-app');
+
+export function createBaseApp(deps: BaseAppDeps): express.Express {
+  const app = express();
+  app.use(express.json({ limit: '1mb' }));
+
+  // Correlation ID — AsyncLocalStorage-scoped for the request's
+  // entire async continuation.
+  app.use((req: any, res: any, next: () => void) => {
+    const id = (req.headers['x-correlation-id'] as string) || randomUUID();
+    req.correlationId = id;
+    res.setHeader('X-Correlation-Id', id);
+    runWithCorrelation(id, next);
+  });
+
+  // Request logging + metrics
+  app.use((req: any, res: any, next: () => void) => {
+    const started = Date.now();
+    res.on('finish', () => {
+      const durationMs = Date.now() - started;
+      baseLogger.info('http.request', {
+        method: req.method,
+        path: req.path,
+        status: res.statusCode,
+        durationMs,
+      });
+      incrementCounter('http_requests_total', {
+        method: req.method,
+        status: String(res.statusCode),
+      });
+      recordHistogram('http_request_duration_ms', durationMs, {
+        method: req.method,
+      });
+    });
+    next();
+  });
+
+  app.get('/health/live', (_req, res) => {
+    res.json({
+      status: 'ok',
+      service: deps.serviceName,
+      version: deps.version,
+      uptime_sec: Math.round(process.uptime()),
+    });
+  });
+
+  app.get('/health/ready', async (_req, res) => {
+    const results: Array<{ name: string; ok: boolean; detail?: string }> = [];
+    for (const check of deps.readiness) {
+      try {
+        const r = await check.check();
+        results.push({ name: check.name, ok: r.ok, ...(r.detail ? { detail: r.detail } : {}) });
+      } catch (err) {
+        results.push({
+          name: check.name,
+          ok: false,
+          detail: err instanceof Error ? err.message : String(err),
+        });
+      }
+    }
+    const allOk = results.every((r) => r.ok);
+    res.status(allOk ? 200 : 503).json({
+      status: allOk ? 'ready' : 'not-ready',
+      checks: results,
+    });
+  });
+
+  app.get('/metrics', metricsHandlerExpress);
+
+  app.use((err: any, req: any, res: any, _next: () => void) => {
+    baseLogger.error('http.error', err as Error, {
+      method: req.method,
+      path: req.path,
+    });
+    const status = err?.httpStatus ?? 500;
+    res.status(status).json({
+      error: {
+        message: err?.message ?? 'Internal error',
+        code: err?.code ?? 'INTERNAL_ERROR',
+      },
+    });
+  });
+
+  return app;
+}
+`;
+export const OWNED_SCAFFOLD_MODULES = [
+    {
+        path: 'src/logger.ts',
+        // ADR-PIPELINE-074: runWithCorrelation is now the authoritative
+        // way to scope a correlation ID; setCorrelationId is retained as a
+        // legacy shim but must not be used inside request handlers.
+        exports: [
+            'Logger',
+            'createLogger',
+            'runWithCorrelation',
+            'getCorrelationId',
+            'setCorrelationId',
+        ],
+    },
+    {
+        path: 'src/config.ts',
+        exports: ['AppConfig', 'config'],
+    },
+    {
+        path: 'src/errors.ts',
+        exports: ['AppError', 'ValidationError', 'NotFoundError', 'ERPError'],
+    },
+    {
+        path: 'src/middleware.ts',
+        // ADR-PIPELINE-076: metricsHandler is now a pure renderer; the
+        // Express-compat wrapper is metricsHandlerExpress. The Hono wrapper
+        // lives in the base-app scaffold.
+        exports: [
+            'correlationId',
+            'requestLogger',
+            'incrementCounter',
+            'recordHistogram',
+            'metricsHandler',
+            'metricsHandlerExpress',
+        ],
+    },
+    {
+        path: 'src/circuit-breaker.ts',
+        exports: ['CircuitBreaker'],
+    },
+    {
+        path: 'src/unit-economics.ts',
+        exports: [
+            'DomainUnit',
+            'UnitEconomicsScope',
+            'UnitEconomics',
+            'writeUnitEconomics',
+            'readUnitEconomics',
+        ],
+    },
+    {
+        path: 'src/simulation-lineage.ts',
+        exports: [
+            'SimulationLineage',
+            'SimulationLineageSource',
+            'loadSimulationLineage',
+            'requireSimulationLineage',
+            'formatLineageBanner',
+            'loadSimulationId',
+        ],
+    },
+    // ADR-PIPELINE-075: scaffolded persistence layer
+    {
+        path: 'src/persistence/repository.ts',
+        exports: ['Repository', 'RepositoryOptions', 'RepositoryError'],
+    },
+    {
+        path: 'src/persistence/in-memory-repository.ts',
+        exports: ['InMemoryRepository'],
+    },
+    {
+        path: 'src/persistence/sqlite-repository.ts',
+        exports: ['SqliteRepository', 'SqliteRepositoryDeps', 'BetterSqliteDatabase'],
+    },
+    {
+        path: 'src/persistence/audit-repository.ts',
+        exports: ['AppendOnlyAuditRepository', 'AuditRepositoryDeps', 'AuditEntry'],
+    },
+    // ADR-PIPELINE-076: wire-complete server scaffold
+    {
+        path: 'src/api/base-app.ts',
+        exports: [
+            'createBaseApp',
+            'BaseAppDeps',
+            'BaseAppContextVariables',
+            'HealthCheck',
+        ],
+    },
+    // ADR-PIPELINE-077: ERP schema provenance tag
+    {
+        path: 'src/erp/schema-provenance.ts',
+        exports: [
+            'ErpProvenanceSource',
+            'ErpSchemaProvenance',
+            'assertErpProvenanceOrFail',
+            'formatProvenanceBanner',
+            'printProvenanceBanner',
+        ],
+    },
+    // ADR-PIPELINE-078: deep canonical JSON for audit hash chains
+    {
+        path: 'src/persistence/canonical-json.ts',
+        exports: ['CanonicalJsonError', 'canonicalJson'],
+    },
+    {
+        path: 'src/persistence/audit-hash.ts',
+        exports: ['HashChainInput', 'hashAuditEntry'],
+    },
+];
+export function buildOwnedModulesManifest(now = new Date()) {
+    return {
+        version: '1.0',
+        generated_at: now.toISOString(),
+        owned: OWNED_SCAFFOLD_MODULES,
+    };
+}
+const SCAFFOLD_SCAN_SKIP_DIRS = new Set([
+    'node_modules', 'dist', 'build', '.git', 'coverage', '.next', '.agentics',
+]);
+/**
+ * ADR-PIPELINE-069: Walk a project tree looking for generator-emitted files
+ * that redeclare an export listed in OWNED_SCAFFOLD_MODULES. Skips:
+ *   - the scaffold-owned files themselves (matched by basename)
+ *   - test files
+ *   - node_modules / dist / .agentics
+ *
+ * Returns one finding per (file, export) pair.
+ */
+export function detectScaffoldDuplicates(projectRoot, owned = OWNED_SCAFFOLD_MODULES) {
+    if (!fs.existsSync(projectRoot))
+        return [];
+    // Build (exportName -> ownedPath) lookup once.
+    const exportToOwned = new Map();
+    const ownedBasenames = new Set();
+    for (const mod of owned) {
+        ownedBasenames.add(path.basename(mod.path));
+        for (const ex of mod.exports) {
+            if (!exportToOwned.has(ex))
+                exportToOwned.set(ex, mod.path);
+        }
+    }
+    const findings = [];
+    const walk = (currentDir) => {
+        let entries;
+        try {
+            entries = fs.readdirSync(currentDir, { withFileTypes: true });
+        }
+        catch {
+            return;
+        }
+        for (const entry of entries) {
+            if (entry.isDirectory()) {
+                if (SCAFFOLD_SCAN_SKIP_DIRS.has(entry.name))
+                    continue;
+                walk(path.join(currentDir, entry.name));
+                continue;
+            }
+            if (!entry.name.endsWith('.ts'))
+                continue;
+            // Skip the scaffolded files themselves — they're allowed to declare
+            // their own exports. Match by basename so any project layout works.
+            if (ownedBasenames.has(entry.name))
+                continue;
+            // Skip tests + scripts + demos
+            const lower = entry.name.toLowerCase();
+            if (lower.endsWith('.test.ts') || lower.endsWith('.spec.ts') || lower.endsWith('.d.ts'))
+                continue;
+            const fullPath = path.join(currentDir, entry.name);
+            const lowerFull = fullPath.toLowerCase();
+            if (lowerFull.includes('/tests/') || lowerFull.includes('/__tests__/') || lowerFull.includes('/scripts/'))
+                continue;
+            let content;
+            try {
+                const stat = fs.statSync(fullPath);
+                if (stat.size > 1_000_000)
+                    continue;
+                content = fs.readFileSync(fullPath, 'utf-8');
+            }
+            catch {
+                continue;
+            }
+            for (const [exportName, ownedPath] of exportToOwned) {
+                // Match `export class Foo`, `export function Foo`, `export const Foo`,
+                // `export interface Foo`, `export type Foo`, or `export { Foo }`.
+                const declRe = new RegExp(`\\bexport\\s+(?:class|function|const|let|interface|type|enum)\\s+${exportName}\\b`);
+                const reExportRe = new RegExp(`\\bexport\\s*\\{[^}]*\\b${exportName}\\b[^}]*\\}`);
+                if (declRe.test(content) || reExportRe.test(content)) {
+                    findings.push({ path: fullPath, exportName, ownedPath });
+                }
+            }
+        }
+    };
+    walk(projectRoot);
+    return findings;
+}
 function copyPlanningArtifacts(runDir, targetRoot) {
     try {
         // ADR-051: Use git repo root (or explicit target) instead of process.cwd()
@@ -155,33 +1456,16 @@ function copyPlanningArtifacts(runDir, targetRoot) {
         // Instead of hoping the coding agent reads the prompts, we deliver the files.
         const scaffoldDir = path.join(plansDir, 'scaffold', 'src');
         fs.mkdirSync(scaffoldDir, { recursive: true });
-        const loggerCode = `// Auto-generated by Agentics pipeline (ADR-039)
-export interface Logger {
-  info(event: string, data?: Record<string, unknown>): void;
-  warn(event: string, data?: Record<string, unknown>): void;
-  error(event: string, error: Error, data?: Record<string, unknown>): void;
-}
-
-let currentCorrelationId: string | undefined;
-
-export function setCorrelationId(id: string): void { currentCorrelationId = id; }
-export function getCorrelationId(): string | undefined { return currentCorrelationId; }
-
-export function createLogger(service: string): Logger {
-  const emit = (level: string, event: string, extra?: Record<string, unknown>) => {
-    const entry = { timestamp: new Date().toISOString(), level, service, event, ...(currentCorrelationId ? { correlationId: currentCorrelationId } : {}), ...extra };
-    process.stderr.write(JSON.stringify(entry) + '\\n');
-  };
-  return {
-    info: (event, data) => emit('info', event, data),
-    warn: (event, data) => emit('warn', event, data),
-    error: (event, err, data) => emit('error', event, { error: err.message, stack: err.stack, ...data }),
-  };
-}
-`;
-        const configCode = `// Auto-generated by Agentics pipeline (ADR-039)
+        // ADR-PIPELINE-074: logger scaffold now uses AsyncLocalStorage for
+        // concurrent-request correctness. Body lives in LOGGER_SCAFFOLD at
+        // module scope so it can be unit-tested independently.
+        const loggerCode = LOGGER_SCAFFOLD;
+        // ADR-PIPELINE-039 + ADR-PIPELINE-075: AppConfig now includes a `db`
+        // block so the composition root can pick sqlite (production) vs
+        // in-memory (tests) without code changes.
+        const configCode = `// Auto-generated by Agentics pipeline (ADR-039 + ADR-PIPELINE-075)
 export interface AppConfig {
-  env: 'development' | 'staging' | 'production';
+  env: 'development' | 'staging' | 'production' | 'test';
   port: number;
   logLevel: 'debug' | 'info' | 'warn' | 'error';
   erp: {
@@ -190,6 +1474,10 @@ export interface AppConfig {
     timeoutMs: number;
     maxRetries: number;
   };
+  db: {
+    driver: 'sqlite' | 'in-memory';
+    path: string;
+  };
 }
 
 export const config: AppConfig = {
@@ -202,6 +1490,10 @@ export const config: AppConfig = {
     timeoutMs: parseInt(process.env['ERP_TIMEOUT_MS'] ?? '30000', 10),
     maxRetries: parseInt(process.env['ERP_MAX_RETRIES'] ?? '3', 10),
   },
+  db: {
+    driver: (process.env['DB_DRIVER'] ?? 'sqlite') as AppConfig['db']['driver'],
+    path: process.env['DB_PATH'] ?? './data/app.db',
+  },
 };
 `;
         const errorsCode = `// Auto-generated by Agentics pipeline (ADR-039)
@@ -232,21 +1524,49 @@ export class ERPError extends AppError {
 `;
         // TypeScript scaffold (default)
         fs.writeFileSync(path.join(scaffoldDir, 'logger.ts'), loggerCode, 'utf-8');
+        // ADR-PIPELINE-074: ship a concurrency regression test next to the
+        // logger so generated projects fail loudly if someone reintroduces
+        // a module-level correlation-ID store.
+        fs.writeFileSync(path.join(scaffoldDir, 'logger.concurrency.test.ts'), LOGGER_CONCURRENCY_TEST_SCAFFOLD, 'utf-8');
         fs.writeFileSync(path.join(scaffoldDir, 'config.ts'), configCode, 'utf-8');
         fs.writeFileSync(path.join(scaffoldDir, 'errors.ts'), errorsCode, 'utf-8');
-        // ADR-051: Correlation ID middleware + metrics scaffold
-        const middlewareCode = `// Auto-generated by Agentics pipeline (ADR-051)
+        // ADR-PIPELINE-075: Scaffolded persistence layer — Repository<T> +
+        // InMemoryRepository + SqliteRepository + AppendOnlyAuditRepository.
+        // Every stateful service should import these instead of rolling a
+        // Map<string, T> store. PGV-017 flags the anti-pattern at post-gen time.
+        const persistenceDir = path.join(scaffoldDir, 'persistence');
+        fs.mkdirSync(persistenceDir, { recursive: true });
+        fs.writeFileSync(path.join(persistenceDir, 'repository.ts'), REPOSITORY_SCAFFOLD, 'utf-8');
+        fs.writeFileSync(path.join(persistenceDir, 'in-memory-repository.ts'), IN_MEMORY_REPO_SCAFFOLD, 'utf-8');
+        fs.writeFileSync(path.join(persistenceDir, 'sqlite-repository.ts'), SQLITE_REPO_SCAFFOLD, 'utf-8');
+        fs.writeFileSync(path.join(persistenceDir, 'audit-repository.ts'), AUDIT_REPO_SCAFFOLD, 'utf-8');
+        // ADR-PIPELINE-078: deep canonical JSON + audit hash helper.
+        // Every generated AuditService should import hashAuditEntry from this
+        // helper instead of hand-rolling JSON.stringify + createHash chains.
+        // PGV-022 flags the anti-pattern at post-gen time.
+        fs.writeFileSync(path.join(persistenceDir, 'canonical-json.ts'), CANONICAL_JSON_SCAFFOLD, 'utf-8');
+        fs.writeFileSync(path.join(persistenceDir, 'audit-hash.ts'), AUDIT_HASH_SCAFFOLD, 'utf-8');
+        // ADR-051 + ADR-PIPELINE-074: Correlation ID middleware now wraps next()
+        // in runWithCorrelation so the ID lives in AsyncLocalStorage for the
+        // request's entire async continuation. Concurrent requests cannot
+        // cross-contaminate log lines.
+        const middlewareCode = `// Auto-generated by Agentics pipeline (ADR-051 + ADR-PIPELINE-074)
 import { randomUUID } from 'node:crypto';
-import { createLogger } from './logger.js';
+import { createLogger, runWithCorrelation } from './logger.js';
 
 const logger = createLogger('middleware');
 
-/** Correlation ID middleware — attaches to every request, threads through logs */
+/**
+ * Correlation ID middleware — attaches to every request, threads through
+ * logs via AsyncLocalStorage. The request handler + all its async
+ * descendants run inside runWithCorrelation so getCorrelationId() returns
+ * this request's ID, not a sibling's.
+ */
 export function correlationId(req: any, res: any, next: () => void): void {
   const id = (req.headers['x-correlation-id'] as string) || randomUUID();
   req.correlationId = id;
   res.setHeader('X-Correlation-Id', id);
-  next();
+  runWithCorrelation(id, next);
 }
 
 /** Request logging middleware — logs every request with timing */
@@ -276,7 +1596,13 @@ export function recordHistogram(name: string, value: number, labels: Record<stri
   histograms[key]!.push(value);
 }
 
-export function metricsHandler(_req: any, res: any): void {
+/**
+ * ADR-PIPELINE-076: Pure metrics renderer — returns Prometheus text.
+ * Framework-specific wrappers (metricsHandlerExpress, metricsHandlerHono)
+ * delegate here. Call this directly from any framework that isn't
+ * Express or Hono.
+ */
+export function metricsHandler(): string {
   const lines: string[] = [];
   for (const [key, val] of Object.entries(counters)) {
     lines.push(\`# TYPE \${key.split('{')[0]} counter\`);
@@ -289,55 +1615,188 @@ export function metricsHandler(_req: any, res: any): void {
     lines.push(\`\${key}_sum \${sum}\`);
     lines.push(\`\${key}_count \${count}\`);
   }
-  res.setHeader('Content-Type', 'text/plain');
-  res.end(lines.join('\\n'));
+  return lines.join('\\n');
 }
 
-/** Simple circuit breaker for external service calls */
-export class CircuitBreaker {
-  private failures = 0;
-  private state: 'closed' | 'open' | 'half-open' = 'closed';
-  private nextAttempt = 0;
+/** Express-compatible metrics handler — wraps metricsHandler(). */
+export function metricsHandlerExpress(_req: any, res: any): void {
+  res.setHeader('Content-Type', 'text/plain; version=0.0.4');
+  res.end(metricsHandler());
+}
 
-  constructor(
-    private readonly name: string,
-    private readonly threshold = 5,
-    private readonly cooldownMs = 30000,
-    private readonly logger = createLogger('circuit-breaker'),
-  ) {}
+// ADR-PIPELINE-069: CircuitBreaker now lives in its own scaffold module.
+// This re-export keeps existing imports (from './middleware.js') working
+// while making the canonical class importable from a dedicated file.
+export { CircuitBreaker } from './circuit-breaker.js';
+`;
+        fs.writeFileSync(path.join(scaffoldDir, 'middleware.ts'), middlewareCode, 'utf-8');
+        totalCopied += 1;
+        // ADR-PIPELINE-069: standalone scaffolded circuit-breaker module so
+        // generators can import CircuitBreaker without pulling all of
+        // middleware.ts. Owned by the scaffold (see OWNED_SCAFFOLD_MODULES).
+        fs.writeFileSync(path.join(scaffoldDir, 'circuit-breaker.ts'), CIRCUIT_BREAKER_SCAFFOLD, 'utf-8');
+        totalCopied += 1;
+        // ADR-PIPELINE-076: wire-complete Hono base app. Generators extend
+        // via createBaseApp(deps).route('/api/<domain>', router) instead of
+        // rebuilding the middleware/metrics/health plumbing from scratch.
+        // PGV-018 will fail the build if /metrics, /health/live, /health/ready
+        // are missing from the final project tree.
+        const apiDir = path.join(scaffoldDir, 'api');
+        fs.mkdirSync(apiDir, { recursive: true });
+        fs.writeFileSync(path.join(apiDir, 'base-app.ts'), BASE_APP_SCAFFOLD_HONO, 'utf-8');
+        totalCopied += 1;
+        // ADR-PIPELINE-077: ERP schema provenance helper. Every generated
+        // ERP adapter MUST export an ERP_SCHEMA_PROVENANCE constant and call
+        // assertErpProvenanceOrFail at construction so strict-mode deployments
+        // block on unreviewed schemas. PGV-020 enforces presence, PGV-021
+        // enforces reviewer + catalog_version on validated entries.
+        const erpDir = path.join(scaffoldDir, 'erp');
+        fs.mkdirSync(erpDir, { recursive: true });
+        fs.writeFileSync(path.join(erpDir, 'schema-provenance.ts'), ERP_SCHEMA_PROVENANCE_SCAFFOLD, 'utf-8');
+        totalCopied += 1;
+        // ADR-PIPELINE-066: unit-economics helper. The demo script calls
+        // writeUnitEconomics() to emit a machine-readable manifest that the
+        // executive renderer prefers over per-employee heuristics.
+        const unitEconomicsCode = `// Auto-generated by Agentics pipeline (ADR-PIPELINE-066)
+// Writes .agentics/runs/<run-id>/unit-economics.json so the executive
+// renderer can use bottom-up unit economics instead of heuristics.
+import { mkdirSync, writeFileSync, existsSync, readFileSync } from 'node:fs';
+import { dirname, join, resolve } from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+export interface DomainUnit {
+  label: string;   // e.g. "occupied room night"
+  abbrev: string;  // e.g. "orn"
+}
 
-  async call<T>(fn: () => Promise<T>): Promise<T> {
-    if (this.state === 'open') {
-      if (Date.now() < this.nextAttempt) {
-        throw new Error(\`Circuit breaker '\${this.name}' is OPEN — retry after \${new Date(this.nextAttempt).toISOString()}\`);
-      }
-      this.state = 'half-open';
-      this.logger.info('circuit.half-open', { name: this.name });
-    }
-    try {
-      const result = await fn();
-      if (this.state === 'half-open') {
-        this.state = 'closed';
-        this.failures = 0;
-        this.logger.info('circuit.closed', { name: this.name });
-      }
-      return result;
-    } catch (err) {
-      this.failures++;
-      if (this.failures >= this.threshold) {
-        this.state = 'open';
-        this.nextAttempt = Date.now() + this.cooldownMs;
-        this.logger.warn('circuit.open', { name: this.name, failures: this.failures, retryAt: new Date(this.nextAttempt).toISOString() });
-      }
-      throw err;
-    }
+export interface UnitEconomicsScope {
+  properties?: number;
+  rooms?: number;
+  sqft?: number;
+  vehicles?: number;
+  beds?: number;
+  agents?: number;
+  units?: number;
+  employees?: number;
+  region_mix?: Array<'NA' | 'EMEA' | 'APAC' | 'LATAM' | 'MEA'>;
+}
+
+export interface UnitEconomics {
+  run_id: string;
+  sector: string;
+  domain_unit: DomainUnit;
+  measured_scope: UnitEconomicsScope;
+  enterprise_scope: UnitEconomicsScope;
+  unit_savings: Record<string, number>;
+  annual_measured_savings_usd: number;
+  annual_extrapolated_savings_usd: number;
+  extrapolation_method: string;
+  confidence: { directional: number; precision: number };
+  generated_at?: string;
+  source?: 'prototype';
+}
+
+function findRunDir(): string | null {
+  // 1. Explicit override
+  const override = process.env['AGENTICS_RUN_DIR'];
+  if (override && existsSync(override)) return override;
+
+  // 2. Walk upward looking for .agentics/runs/latest
+  let dir: string;
+  try {
+    dir = dirname(fileURLToPath(import.meta.url));
+  } catch {
+    dir = process.cwd();
+  }
+  for (let i = 0; i < 6; i++) {
+    const candidate = join(dir, '.agentics', 'runs', 'latest');
+    if (existsSync(candidate)) return resolve(candidate);
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
   }
 
-  getState(): string { return this.state; }
+  // 3. Build from run id if we can find one
+  const simId = process.env['AGENTICS_SIMULATION_ID'];
+  if (simId) {
+    const dest = join(process.cwd(), '.agentics', 'runs', simId);
+    return dest;
+  }
+
+  return join(process.cwd(), '.agentics', 'runs', 'local-run');
+}
+
+export function writeUnitEconomics(manifest: UnitEconomics): string {
+  const runDir = findRunDir();
+  if (!runDir) throw new Error('ECLI-UE-066: unable to resolve run directory');
+  mkdirSync(runDir, { recursive: true });
+  const out = {
+    source: 'prototype' as const,
+    generated_at: new Date().toISOString(),
+    ...manifest,
+  };
+  const filePath = join(runDir, 'unit-economics.json');
+  writeFileSync(filePath, JSON.stringify(out, null, 2) + '\\n', 'utf-8');
+  return filePath;
+}
+
+export function readUnitEconomics(runDir: string): UnitEconomics | null {
+  const filePath = join(runDir, 'unit-economics.json');
+  if (!existsSync(filePath)) return null;
+  try {
+    return JSON.parse(readFileSync(filePath, 'utf-8')) as UnitEconomics;
+  } catch {
+    return null;
+  }
 }
 `;
-        fs.writeFileSync(path.join(scaffoldDir, 'middleware.ts'), middlewareCode, 'utf-8');
+        fs.writeFileSync(path.join(scaffoldDir, 'unit-economics.ts'), unitEconomicsCode, 'utf-8');
+        totalCopied += 1;
+        // ADR-PIPELINE-068: ESM-safe simulation-lineage helper. Every generated
+        // project gets a loader that reads .agentics/plans/manifest.json using
+        // readFileSync + fileURLToPath. NEVER use CommonJS require() in the
+        // generated project — it is "type": "module" and require() throws at
+        // runtime, producing a silent sim-unknown fallback that severs lineage.
+        // The string body lives at module scope (SIMULATION_LINEAGE_SCAFFOLD)
+        // so it can be unit-tested without invoking copyPlanningArtifacts.
+        fs.writeFileSync(path.join(scaffoldDir, 'simulation-lineage.ts'), SIMULATION_LINEAGE_SCAFFOLD, 'utf-8');
         totalCopied += 1;
+        // ADR-PIPELINE-069: Sidecar manifest listing every scaffold-owned
+        // module + its public exports. Consumed by:
+        //   - prompt-generator.ts (injects "do not reimplement" block)
+        //   - post-generation-validator PGV-012 (bans duplicate declarations)
+        // The manifest is the single source of truth — generators MUST NOT
+        // re-emit any export listed here.
+        const ownedManifestPath = path.join(plansDir, 'scaffold', 'OWNED_MODULES.json');
+        fs.writeFileSync(ownedManifestPath, JSON.stringify(buildOwnedModulesManifest(), null, 2) + '\n', 'utf-8');
+        totalCopied += 1;
+        // ADR-PIPELINE-069: Cleanup pass — scan the project tree for files
+        // that redeclare an export listed in OWNED_MODULES.json. Logs the
+        // count; under AGENTICS_AUTO_DEDUPE=true, deletes the duplicates.
+        try {
+            const projectRootForScan = projectRoot;
+            const dupes = detectScaffoldDuplicates(projectRootForScan, OWNED_SCAFFOLD_MODULES);
+            const autoDedupe = process.env['AGENTICS_AUTO_DEDUPE'] === 'true';
+            if (dupes.length > 0) {
+                console.error(`  [SCAFFOLD] scaffold.duplicate.detected count=${dupes.length}` +
+                    (autoDedupe ? ' (auto-deduping)' : ' (set AGENTICS_AUTO_DEDUPE=true to delete)'));
+                for (const d of dupes) {
+                    console.error(`    - ${d.path} redeclares ${d.exportName} (owned by ${d.ownedPath})`);
+                    if (autoDedupe) {
+                        try {
+                            fs.unlinkSync(d.path);
+                        }
+                        catch { /* best-effort */ }
+                    }
+                }
+            }
+            else {
+                console.error('  [SCAFFOLD] scaffold.duplicate.detected: 0');
+            }
+        }
+        catch {
+            // Cleanup is best-effort — never block scaffold emission on a scan failure.
+        }
         // Python scaffold (if SPARC specifies Python or query mentions it)
         const pyDir = path.join(plansDir, 'scaffold', 'python');
         fs.mkdirSync(pyDir, { recursive: true });
@@ -1562,6 +3021,46 @@ These numbers MUST come from the actual scoring/analysis results on seed data,
 not from generic heuristics. The evaluator checks that the business case
 references specific prototype findings.
 
+## 1c. Unit Economics Manifest (ADR-PIPELINE-066) — REQUIRED
+
+Copy \`src/unit-economics.ts\` from scaffold and call \`writeUnitEconomics(...)\`
+at the end of the demo run. This emits \`.agentics/runs/<run-id>/unit-economics.json\`,
+the machine-readable contract the executive renderer prefers over per-employee
+heuristics.
+
+Required fields (derive every number from the prototype's actual computations,
+NOT from employee headcount):
+
+\`\`\`typescript
+import { writeUnitEconomics } from './unit-economics.js';
+
+writeUnitEconomics({
+  run_id: process.env.AGENTICS_SIMULATION_ID ?? 'local-run',
+  sector: 'hospitality',                          // or the detected sector
+  domain_unit: { label: 'occupied room night', abbrev: 'orn' },
+  measured_scope: { properties: 4, rooms: 1450, region_mix: ['NA','EMEA','APAC'] },
+  enterprise_scope: { properties: 100, rooms: 36250, employees: 91000 },
+  unit_savings: {
+    usd_per_orn: 0.82,          // or usd_per_sqft_year / usd_per_vehicle_mile / ...
+    water_liters_per_orn: 14.5,
+    co2_kg_per_orn: 0.62,
+  },
+  annual_measured_savings_usd: measuredSavings,   // from the pilot scenario
+  annual_extrapolated_savings_usd: enterpriseSavings,
+  extrapolation_method: 'linear_by_rooms_weighted_by_regional_cost',
+  confidence: { directional: 0.92, precision: 0.42 },
+});
+\`\`\`
+
+IMPORTANT:
+- **Do NOT multiply employees × $/employee anywhere** to derive the savings figures.
+- \`measured_scope\` must reflect the real pilot data the prototype analyzed.
+- \`enterprise_scope\` and \`annual_extrapolated_savings_usd\` must use a clearly
+  named extrapolation method (linear by rooms, weighted by region, etc.).
+- The executive renderer will refuse to emit a financial analysis if the printed
+  figures drift more than ±1% from the manifest or the scope ratio deviates by
+  more than ±5% (ECLI-SYN-066).
+
 Also print an "Analysis Confidence" section:
 \`\`\`
 ═══ ANALYSIS CONFIDENCE ═══