@markdown-ai/cli 1.0.0-rc.2 → 1.1.0

package/dist/cli.js

@@ -2976,7 +2976,7 @@ var require_compile = __commonJS({
       const schOrFunc = root.refs[ref];
       if (schOrFunc)
         return schOrFunc;
-      let _sch = resolve2.call(this, root, ref);
+      let _sch = resolve4.call(this, root, ref);
       if (_sch === void 0) {
         const schema2 = (_a = root.localRefs) === null || _a === void 0 ? void 0 : _a[ref];
         const { schemaId } = this.opts;
@@ -3003,7 +3003,7 @@ var require_compile = __commonJS({
     function sameSchemaEnv(s1, s2) {
       return s1.schema === s2.schema && s1.root === s2.root && s1.baseId === s2.baseId;
     }
-    function resolve2(root, ref) {
+    function resolve4(root, ref) {
       let sch;
       while (typeof (sch = this.refs[ref]) == "string")
         ref = sch;
@@ -3578,55 +3578,55 @@ var require_fast_uri = __commonJS({
       }
       return uri;
     }
-    function resolve2(baseURI, relativeURI, options) {
+    function resolve4(baseURI, relativeURI, options) {
       const schemelessOptions = options ? Object.assign({ scheme: "null" }, options) : { scheme: "null" };
       const resolved = resolveComponent(parse(baseURI, schemelessOptions), parse(relativeURI, schemelessOptions), schemelessOptions, true);
       schemelessOptions.skipEscape = true;
       return serialize(resolved, schemelessOptions);
     }
-    function resolveComponent(base, relative, options, skipNormalization) {
+    function resolveComponent(base, relative3, options, skipNormalization) {
       const target = {};
       if (!skipNormalization) {
         base = parse(serialize(base, options), options);
-        relative = parse(serialize(relative, options), options);
+        relative3 = parse(serialize(relative3, options), options);
       }
       options = options || {};
-      if (!options.tolerant && relative.scheme) {
-        target.scheme = relative.scheme;
-        target.userinfo = relative.userinfo;
-        target.host = relative.host;
-        target.port = relative.port;
-        target.path = removeDotSegments(relative.path || "");
-        target.query = relative.query;
+      if (!options.tolerant && relative3.scheme) {
+        target.scheme = relative3.scheme;
+        target.userinfo = relative3.userinfo;
+        target.host = relative3.host;
+        target.port = relative3.port;
+        target.path = removeDotSegments(relative3.path || "");
+        target.query = relative3.query;
       } else {
-        if (relative.userinfo !== void 0 || relative.host !== void 0 || relative.port !== void 0) {
-          target.userinfo = relative.userinfo;
-          target.host = relative.host;
-          target.port = relative.port;
-          target.path = removeDotSegments(relative.path || "");
-          target.query = relative.query;
+        if (relative3.userinfo !== void 0 || relative3.host !== void 0 || relative3.port !== void 0) {
+          target.userinfo = relative3.userinfo;
+          target.host = relative3.host;
+          target.port = relative3.port;
+          target.path = removeDotSegments(relative3.path || "");
+          target.query = relative3.query;
         } else {
-          if (!relative.path) {
+          if (!relative3.path) {
             target.path = base.path;
-            if (relative.query !== void 0) {
-              target.query = relative.query;
+            if (relative3.query !== void 0) {
+              target.query = relative3.query;
             } else {
               target.query = base.query;
             }
           } else {
-            if (relative.path[0] === "/") {
-              target.path = removeDotSegments(relative.path);
+            if (relative3.path[0] === "/") {
+              target.path = removeDotSegments(relative3.path);
             } else {
               if ((base.userinfo !== void 0 || base.host !== void 0 || base.port !== void 0) && !base.path) {
-                target.path = "/" + relative.path;
+                target.path = "/" + relative3.path;
               } else if (!base.path) {
-                target.path = relative.path;
+                target.path = relative3.path;
               } else {
-                target.path = base.path.slice(0, base.path.lastIndexOf("/") + 1) + relative.path;
+                target.path = base.path.slice(0, base.path.lastIndexOf("/") + 1) + relative3.path;
               }
               target.path = removeDotSegments(target.path);
             }
-            target.query = relative.query;
+            target.query = relative3.query;
           }
           target.userinfo = base.userinfo;
           target.host = base.host;
@@ -3634,7 +3634,7 @@ var require_fast_uri = __commonJS({
         }
         target.scheme = base.scheme;
       }
-      target.fragment = relative.fragment;
+      target.fragment = relative3.fragment;
       return target;
     }
     function equal(uriA, uriB, options) {
@@ -3805,7 +3805,7 @@ var require_fast_uri = __commonJS({
     var fastUri = {
       SCHEMES,
       normalize,
-      resolve: resolve2,
+      resolve: resolve4,
       resolveComponent,
       equal,
       serialize,
@@ -7618,9 +7618,6 @@ var require_dist = __commonJS({
   }
 });
 
-// src/cli.ts
-import { existsSync as existsSync2, rmSync as rmSync2 } from "node:fs";
-
 // src/types.ts
 var EXIT = {
   ok: 0,
@@ -7645,22 +7642,264 @@ var MDA_EXTENDED = [
 var TARGET_ORDER = ["SKILL.md", "AGENTS.md", "MCP-SERVER.md"];
 var MCP_BOUNDARY = "\n--MDA-FILE-BOUNDARY--\n";
 function commandResult(ok, command, exitCode, diagnostics, extra = {}) {
-  return { ok, command, exitCode, diagnostics, ...extra };
+  const stableDiagnostics = diagnostics.map(stabilizeDiagnosticCode);
+  return {
+    ok,
+    command,
+    exitCode,
+    summary: ok ? `${command} completed` : `${command} failed`,
+    artifacts: [],
+    diagnostics: stableDiagnostics,
+    nextActions: [],
+    ...extra
+  };
 }
 function diag(code, message, extra = {}) {
   return { code, message, severity: "error", ...extra };
 }
+function stabilizeDiagnosticCode(diagnostic) {
+  return { ...diagnostic, code: stableDiagnosticCode(diagnostic.code) };
+}
+function stableDiagnosticCode(code) {
+  if (/^(input|schema|integrity|signature|trust_policy|sigstore|rekor|did_web|llmix|release|compat|filesystem|conformance)\./.test(code)) {
+    return code;
+  }
+  const mapped = DIAGNOSTIC_CODE_MAP[code];
+  if (mapped) return mapped;
+  return `input.${code.replace(/[^a-zA-Z0-9]+/g, "_").replace(/^_+|_+$/g, "").toLowerCase() || "unknown"}`;
+}
+var DIAGNOSTIC_CODE_MAP = {
+  "usage-error": "input.usage",
+  "invalid-encoding": "input.invalid_encoding",
+  "unterminated-frontmatter": "input.unterminated_frontmatter",
+  "frontmatter-yaml-parse-error": "input.frontmatter_yaml_parse",
+  "missing-required-frontmatter": "input.missing_required_frontmatter",
+  "missing-required-body": "input.missing_required_body",
+  "invalid-json": "input.invalid_json",
+  "io-error": "filesystem.io",
+  "rollback-error": "filesystem.rollback",
+  "schema-validation-error": "schema.validation",
+  "relationship-footnote-json-parse-error": "schema.relationship_footnote_json_parse",
+  "missing-required-sidecar": "integrity.missing_required_sidecar",
+  "missing-required-integrity": "integrity.missing_required",
+  "unsupported-integrity-algorithm": "integrity.unsupported_algorithm",
+  "integrity-mismatch": "integrity.mismatch",
+  "missing-required-signature": "signature.missing_required",
+  "signature-digest-mismatch": "signature.digest_mismatch",
+  "signature-verification-unavailable": "signature.verification_unavailable",
+  "signing-unavailable": "signature.signing_unavailable",
+  "trust-policy-violation": "trust_policy.violation",
+  "no-trusted-signature": "trust_policy.no_trusted_signature",
+  "insufficient-trusted-signatures": "trust_policy.insufficient_trusted_signatures",
+  "fixture-missing": "conformance.fixture_missing",
+  "conformance-manifest-invalid": "conformance.manifest_invalid",
+  "extraction-mismatch": "conformance.extraction_mismatch",
+  "expected-error-mismatch": "conformance.expected_error_mismatch",
+  "compile-fixture-unavailable": "conformance.compile_fixture_unavailable",
+  "internal-error": "input.internal_error"
+};
 function usage(command, message, extra = {}) {
-  return commandResult(false, command, EXIT.usage, [diag("usage-error", message)], extra);
+  return commandResult(false, command, EXIT.usage, [diag("usage-error", message)], {
+    summary: `${command} usage error`,
+    nextActions: [
+      {
+        id: "show-help",
+        required: true,
+        reason: "Review command usage",
+        command: "mda --help"
+      }
+    ],
+    ...extra
+  });
 }
 function ioError(command, message, extra = {}) {
-  return commandResult(false, command, EXIT.io, [diag("io-error", message)], extra);
+  return commandResult(false, command, EXIT.io, [diag("io-error", message)], {
+    summary: `${command} IO error`,
+    nextActions: [
+      {
+        id: "fix-filesystem",
+        required: true,
+        reason: "Fix the filesystem path or permissions and retry",
+        command: `mda ${command}`
+      }
+    ],
+    ...extra
+  });
 }
 
+// src/cli/help.ts
+var HELP = `Markdown AI CLI (@markdown-ai/cli)
+
+Usage:
+  mda
+  mda --help
+  mda init <name> [--out <file>] [--json]
+  mda init --template llmix-preset --module <name> --preset <name> --provider <provider> --model <model> [--out <file>] [--json]
+  mda validate <file> [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--json]
+  mda compile <file.mda> --target <target...> [--out-dir <dir>] [--integrity] [--manifest <path>] [--strict-compat] [--json]
+  mda canonicalize <file> [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--sidecar <path>] [--json]
+  mda integrity compute <file> [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--sidecar <path>] [--algorithm sha256|sha384|sha512] [--write] [--json]
+  mda integrity verify <file> [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--sidecar <path>] [--json]
+  mda sign <file> --profile did-web --did <did> --key-id <key-id> --key-file <path> (--out <file>|--in-place) [--json]
+  mda sign <file> --profile github-actions --repo <owner/repo> --workflow <workflow> --ref <ref> --rekor --offline-sigstore-fixture <path> (--out <file>|--in-place) [--json]
+  mda sign <file> --method did-web --key <path> --identity <domain> (--out <file>|--in-place) [--json]
+  mda verify <file> --policy <path> [--did-document <path>] [--offline-sigstore-fixture <path>] [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--sidecar <path>] [--json]
+  mda release trust policy --target llmix-registry --profile github-actions --repo <owner/repo> --workflow <workflow> --ref <ref> [--out <file>] [--json]
+  mda release trust policy --target llmix-registry --profile did-web --domain <domain> [--min-signatures <n>] [--out <file>] [--json]
+  mda release prepare --target llmix-registry --source <dir> --registry-dir <dir> --policy <path> --out <file> [--did-document <path>] [--offline-sigstore-fixture <path>] [--json]
+  mda release finalize --target llmix-registry --registry-dir <dir> --registry-root <file> --release-plan <file> --policy <path> (--expected-root-digest <digest>|--derive-root-digest) [--minimum-revision <rev>] [--minimum-published-at <iso>] [--high-watermark <value>] --out <file> [--did-document <path>] [--offline-sigstore-fixture <path>] [--json]
+  mda release finalize --target llmix-registry --registry-dir <dir> --manifest <path> --snippet-format json|env|kubernetes|github-actions|terraform|typescript|python|rust --snippet-out <path> [--json]
+  mda doctor release --target llmix-registry --source <dir> --registry-dir <dir> --release-plan <path> --manifest <path> [--did-document <path>] [--offline-sigstore-fixture <path>] [--json]
+  mda conformance [--suite <path>] [--level V|C] [--json]
+
+Global flags:
+  --json       Print stable JSON only on stdout.
+  --quiet      Suppress non-essential human output.
+  --verbose    Include extra diagnostic context where available.
+  --no-color   Disable ANSI color.
+  --no-next    Omit human Next: guidance. JSON nextActions are unchanged.
+  -h, --help   Print this full help.
+
+Commands and options:
+  init <name>
+    --out <file>                 Write the scaffold atomically. Refuses overwrite.
+    --json                       Return scaffold in JSON instead of raw .mda text.
+    --template llmix-preset      Generate an LLMix preset source artifact.
+    --module <name>              LLMix module name, e.g. search_summary or _default.
+    --preset <name>              LLMix preset name, e.g. openai_fast or _base.
+    --provider <provider>        openai, anthropic, google, deepseek, openrouter, deepinfra, novita, together, or sno-gpu.
+    --model <model>              Provider model identifier.
+
+  validate <file>
+    --target <target>            source, SKILL.md, AGENTS.md, MCP-SERVER.md, or auto. Default: auto.
+
+  compile <file.mda>
+    --target <target...>         Required. One or more of SKILL.md, AGENTS.md, MCP-SERVER.md.
+    --out-dir <dir>              Output directory. Default: current working directory.
+    --integrity                  Add sha256 integrity to emitted artifacts.
+    --manifest <path>            Write compile evidence with source digest, output digests, capabilities, and warnings.
+    --strict-compat              Treat compatibility warnings as compile failures before writing outputs.
+
+  canonicalize <file>
+    --target <target>            Default: auto.
+    --sidecar <path>             Required only for MCP-SERVER.md multi-file canonical bytes.
+
+  integrity compute <file>
+    --target <target>            Default: auto.
+    --sidecar <path>             Required only for MCP-SERVER.md.
+    --algorithm <name>           sha256, sha384, or sha512. Default: sha256.
+    --write                      Write the computed digest into frontmatter.integrity. Refuses mismatched existing integrity.
+
+  integrity verify <file>
+    --target <target>            Default: auto.
+    --sidecar <path>             Required only for MCP-SERVER.md.
+
+  verify <file>
+    --policy <path>              Required trust policy JSON.
+    --did-document <path>        Local did:web document fixture for deterministic verification.
+    --offline-sigstore-fixture <path>
+                                 Local Sigstore/Rekor fixture for deterministic GitHub Actions verification.
+    --target <target>            Default: auto.
+    --sidecar <path>             Required only for MCP-SERVER.md.
+    --offline                    Unsupported; use explicit profile evidence fixtures instead.
+
+  sign <file>
+    --profile did-web            Sign with a did:web key and DSSE PAE integrity payload.
+    --did <did>                  Required for --profile did-web, e.g. did:web:example.com.
+    --key-id <key-id>            Required verification method id in the DID document.
+    --key-file <path>            Required private key PEM.
+    --method did-web             Compatibility alias for --profile did-web.
+    --key <path>                 Compatibility alias for --key-file.
+    --identity <domain>          Compatibility alias for --did did:web:<domain>.
+    --profile github-actions     Sign with explicit GitHub Actions Sigstore/Rekor fixture evidence.
+    --repo <owner/repo>          Required GitHub repository for --profile github-actions.
+    --workflow <workflow>        Required workflow file or workflow identity.
+    --ref <ref>                  Required exact Git ref.
+    --rekor                      Required explicit Rekor evidence acknowledgement.
+    --offline-sigstore-fixture <path>
+                                 Required local Sigstore/Rekor fixture for deterministic signing.
+    --out <file>                 Write signed output.
+    --in-place                   Replace the input file.
+
+  release trust policy
+    --target llmix-registry     Required. Generate trust policy for the LLMix registry release target.
+    --profile did-web            Generate a schema-valid did:web trust policy.
+    --domain <domain>            Trusted did:web domain.
+    --min-signatures <n>         Minimum trusted signatures. Default: 1.
+    --profile github-actions     Generate a schema-valid Sigstore/Rekor policy.
+    --repo <owner/repo>          Trusted GitHub repository.
+    --workflow <workflow>        Trusted workflow file or workflow identity.
+    --ref <ref>                  Trusted exact Git ref, e.g. refs/heads/main.
+    --out <file>                 Write policy JSON atomically. Refuses overwrite.
+
+  release prepare
+    --target llmix-registry      Required. Prepare a verified LLMix registry release plan.
+    --source <dir>               Directory containing signed LLMix .mda preset sources.
+    --registry-dir <dir>         Target LLMix registry directory. This command reads only and never publishes registry files.
+    --policy <path>              Trust policy used to verify every source signature.
+    --did-document <path>        Local did:web document fixture when using did:web signatures.
+    --offline-sigstore-fixture <path>
+                                 Local Sigstore/Rekor fixture when using GitHub Actions signatures.
+    --out <file>                 Write the deterministic release plan atomically. Refuses overwrite.
+
+  release finalize
+    --target llmix-registry      Required. Finalize LLMix registry release trust artifacts.
+    --registry-dir <dir>         Published LLMix registry directory. Manifest output is rejected inside this directory.
+    --registry-root <file>       Signed registry-root evidence JSON.
+    --release-plan <file>        Verified release plan produced before registry publication.
+    --policy <path>              Trust policy used to verify registry-root signatures.
+    --expected-root-digest <d>   Pin the exact registry-root digest.
+    --derive-root-digest         Derive expectedRootDigest from verified registry-root evidence.
+    --minimum-revision <rev>     Reject registry roots older than this revision.
+    --minimum-published-at <iso> Reject registry roots published before this timestamp.
+    --high-watermark <value>     Reject roots below this monotonic high-watermark.
+    --out <file>                 Write the external deployment trust manifest. Refuses overwrite.
+    --manifest <path>            Existing external trust manifest for snippet generation.
+    --snippet-format <format>    json, env, kubernetes, github-actions, terraform, typescript, python, or rust.
+    --snippet-out <file>         Write the deployment snippet atomically. Refuses overwrite.
+
+  doctor release
+    --target llmix-registry      Required. Check LLMix registry release readiness.
+    --source <dir>               Directory containing LLMix .mda preset sources.
+    --registry-dir <dir>         Published LLMix registry directory.
+    --release-plan <path>        Verified release plan used for the signed registry root.
+    --manifest <path>            External deployment trust manifest.
+    --did-document <path>        Local DID document for did:web registry-root signature verification.
+    --offline-sigstore-fixture <path>
+                                  Deterministic Sigstore/Rekor fixture for registry-root verification.
+
+Examples:
+  mda init hello-skill --out hello.mda
+  mda init --template llmix-preset --module search_summary --preset openai_fast --provider openai --model gpt-5-mini --out search_summary/openai_fast.mda
+  mda validate hello.mda --json
+  mda compile hello.mda --target SKILL.md AGENTS.md MCP-SERVER.md --out-dir out --integrity --manifest out/compile-manifest.json
+  mda canonicalize out/SKILL.md --target SKILL.md --json
+  mda integrity compute out/SKILL.md --target SKILL.md --algorithm sha256 --json
+  mda integrity verify out/SKILL.md --target SKILL.md
+  mda verify signed.md --policy policy.json --json
+  mda release trust policy --target llmix-registry --profile github-actions --repo owner/repo --workflow release.yml --ref refs/heads/main --out release/source-policy.json --json
+  mda release prepare --target llmix-registry --source authoring --registry-dir registry --policy release/source-policy.json --out release/plan.json --json
+  mda release finalize --target llmix-registry --registry-dir registry --registry-root registry/snapshots/current/registry-root.json --release-plan release/plan.json --policy release/root-policy.json --derive-root-digest --out release/llmix-trust.json --json
+  mda release finalize --target llmix-registry --registry-dir registry --manifest release/llmix-trust.json --snippet-format json --snippet-out release/llmix-trust-snippet.json --json
+  mda doctor release --target llmix-registry --source authoring --registry-dir registry --release-plan release/plan.json --manifest release/llmix-trust.json --did-document did.json --json
+  mda conformance --suite conformance --level V --json
+
+Exit codes:
+  0  Success.
+  1  Valid command, but artifact validation or verification failed.
+  2  CLI usage error: missing argument, unknown flag, ambiguous target.
+  3  IO or configuration error: missing file, overwrite refusal, unreadable policy.
+  4  Internal bug or invariant failure.
+`;
+
+// src/cli/core-commands.ts
+import { existsSync as existsSync2, rmSync as rmSync2 } from "node:fs";
+import { resolve as resolve2 } from "node:path";
+
 // src/mda.ts
 var import__ = __toESM(require__(), 1);
 var import_ajv_formats = __toESM(require_dist(), 1);
-import { createHash } from "node:crypto";
+import { createHash, randomBytes } from "node:crypto";
 import {
   closeSync,
   existsSync,
@@ -7669,10 +7908,11 @@ import {
   openSync,
   readFileSync,
   readdirSync,
+  renameSync,
   rmSync,
   writeFileSync
 } from "node:fs";
-import { dirname, extname, join, resolve } from "node:path";
+import { dirname, extname, join, relative, resolve } from "node:path";
 import { fileURLToPath } from "node:url";
 
 // ../../node_modules/.pnpm/js-yaml@4.1.1/node_modules/js-yaml/dist/js-yaml.mjs
@@ -10311,6 +10551,29 @@ description: "Describe what this Markdown AI document does."
 Describe the instructions, workflow, or capability here.
 `;
 }
+function makeLlmixPresetScaffold(moduleName, presetName, provider, model) {
+  const artifactName = `llmix-${moduleName.replace(/^_/, "").replace(/_/g, "-")}-${presetName.replace(/^_/, "").replace(/_/g, "-")}`;
+  return renderMarkdown(
+    {
+      name: artifactName,
+      description: `LLMix preset ${moduleName}/${presetName}`,
+      metadata: {
+        "snoai-llmix": {
+          module: moduleName,
+          preset: presetName,
+          common: {
+            provider,
+            model
+          }
+        }
+      }
+    },
+    `# ${moduleName}/${presetName}
+
+Describe when this LLMix preset should be used.
+`
+  );
+}
 function resolveTarget(file, target) {
   if (target !== "auto") return { ok: true, target };
   const base = file.split(/[\\/]/).pop() ?? file;
@@ -10390,7 +10653,10 @@ function validateArtifact(file, target) {
       return { ok: false, diagnostics: [diag("missing-required-frontmatter", `${target} requires YAML frontmatter`, { path: file })] };
     }
     if (ext.body.trim().length === 0) {
-      return { ok: false, diagnostics: [diag("missing-required-body", "AGENTS.md without frontmatter requires a non-empty body", { path: file })] };
+      return {
+        ok: false,
+        diagnostics: [diag("missing-required-body", "AGENTS.md without frontmatter requires a non-empty body", { path: file })]
+      };
     }
   }
   const fm = ext.kind === "ok" ? ext.frontmatter ?? {} : {};
@@ -10404,6 +10670,7 @@ function validateArtifact(file, target) {
   }
   if (isRecord(fm)) {
     diagnostics.push(...checkSignatureDigestEquality(fm));
+    if (target === "source") diagnostics.push(...validateLlmixNamespace(fm));
   }
   return { ok: diagnostics.length === 0, diagnostics };
 }
@@ -10419,10 +10686,12 @@ function validateJsonAgainst(value, key) {
   const ok = validator(value);
   return {
     ok: Boolean(ok),
-    diagnostics: ok ? [] : (validator.errors ?? []).slice(0, 5).map((error) => diag("schema-validation-error", `${error.instancePath || "(root)"} ${error.message}`, {
-      schema: error.schemaPath,
-      instancePath: error.instancePath
-    }))
+    diagnostics: ok ? [] : (validator.errors ?? []).slice(0, 5).map(
+      (error) => diag("schema-validation-error", `${error.instancePath || "(root)"} ${error.message}`, {
+        schema: error.schemaPath,
+        instancePath: error.instancePath
+      })
+    )
   };
 }
 function getSchemas() {
@@ -10498,15 +10767,124 @@ function checkSignatureDigestEquality(fm) {
   });
   return diagnostics;
 }
+var LLMIX_PROVIDERS = /* @__PURE__ */ new Set(["openai", "anthropic", "google", "deepseek", "openrouter", "deepinfra", "novita", "together", "sno-gpu"]);
+var LLMIX_COMMON_KEYS = /* @__PURE__ */ new Set([
+  "provider",
+  "model",
+  "maxOutputTokens",
+  "temperature",
+  "topP",
+  "topK",
+  "presencePenalty",
+  "frequencyPenalty",
+  "stopSequences",
+  "seed",
+  "maxRetries",
+  "enableThinking",
+  "keepThinkingOutput"
+]);
+var LLMIX_MODULE_NAME = /^(?:_default|[a-z][a-z0-9_]{0,63})$/;
+var LLMIX_PRESET_NAME = /^(?:_base[a-z0-9_]*|[a-z][a-z0-9_]{0,63})$/;
+var LLMIX_NAMESPACE_KEYS = /* @__PURE__ */ new Set(["module", "preset", "common", "providerOptions", "caching"]);
+var LLMIX_CACHING_KEYS = /* @__PURE__ */ new Set(["strategy", "key", "ttl", "maxItems"]);
+var LLMIX_CACHING_STRATEGIES = /* @__PURE__ */ new Set(["native", "gateway", "disabled", "redis", "redis-or-memory", "memory"]);
+function validateLlmixNamespace(fm) {
+  const metadata = isRecord(fm.metadata) ? fm.metadata : null;
+  const namespace = metadata && isRecord(metadata["snoai-llmix"]) ? metadata["snoai-llmix"] : null;
+  if (!namespace) return [];
+  const diagnostics = [];
+  for (const key of Object.keys(namespace)) {
+    if (!LLMIX_NAMESPACE_KEYS.has(key))
+      diagnostics.push(diag("llmix.unknown_namespace_key", `metadata.snoai-llmix.${key} is not a supported key`));
+  }
+  const common2 = isRecord(namespace.common) ? namespace.common : null;
+  if (namespace.module !== void 0 && (typeof namespace.module !== "string" || !LLMIX_MODULE_NAME.test(namespace.module))) {
+    diagnostics.push(diag("llmix.invalid_identifier", "metadata.snoai-llmix.module must be _default or a lowercase snake_case identifier"));
+  }
+  if (namespace.preset !== void 0 && (typeof namespace.preset !== "string" || !LLMIX_PRESET_NAME.test(namespace.preset))) {
+    diagnostics.push(diag("llmix.invalid_identifier", "metadata.snoai-llmix.preset must be _base* or a lowercase snake_case identifier"));
+  }
+  if (!common2) {
+    diagnostics.push(diag("llmix.missing_common", "metadata.snoai-llmix.common is required"));
+  } else {
+    for (const key of Object.keys(common2)) {
+      if (!LLMIX_COMMON_KEYS.has(key))
+        diagnostics.push(diag("llmix.unknown_common_key", `metadata.snoai-llmix.common.${key} is not supported`));
+    }
+    if (typeof common2.provider !== "string" || !LLMIX_PROVIDERS.has(common2.provider)) {
+      diagnostics.push(diag("llmix.invalid_provider", "metadata.snoai-llmix.common.provider must be a supported provider"));
+    }
+    if (typeof common2.model !== "string" || common2.model.trim().length === 0) {
+      diagnostics.push(diag("llmix.invalid_model", "metadata.snoai-llmix.common.model must be a non-empty string"));
+    }
+    validateOptionalNumber(common2, "temperature", 0, 2, diagnostics);
+    validateOptionalNumber(common2, "topP", 0, 1, diagnostics);
+    validateOptionalPositiveInteger(common2, "maxOutputTokens", diagnostics);
+    validateOptionalPositiveInteger(common2, "topK", diagnostics);
+    validateOptionalNonNegativeInteger(common2, "maxRetries", diagnostics);
+  }
+  if (namespace.providerOptions !== void 0) {
+    if (!isRecord(namespace.providerOptions))
+      diagnostics.push(diag("llmix.invalid_provider_options", "metadata.snoai-llmix.providerOptions must be an object"));
+    else {
+      for (const [provider, options] of Object.entries(namespace.providerOptions)) {
+        if (!LLMIX_PROVIDERS.has(provider) || !isRecord(options)) {
+          diagnostics.push(
+            diag("llmix.invalid_provider_options", `metadata.snoai-llmix.providerOptions.${provider} must be a supported provider object`)
+          );
+        }
+      }
+    }
+  }
+  if (namespace.caching !== void 0) {
+    if (!isRecord(namespace.caching)) diagnostics.push(diag("llmix.invalid_caching", "metadata.snoai-llmix.caching must be an object"));
+    else {
+      for (const key of Object.keys(namespace.caching)) {
+        if (!LLMIX_CACHING_KEYS.has(key))
+          diagnostics.push(diag("llmix.unknown_caching_key", `metadata.snoai-llmix.caching.${key} is not supported`));
+      }
+      if (typeof namespace.caching.strategy !== "string" || !LLMIX_CACHING_STRATEGIES.has(namespace.caching.strategy)) {
+        diagnostics.push(diag("llmix.invalid_caching", "metadata.snoai-llmix.caching.strategy must be a supported strategy"));
+      }
+      validateOptionalPositiveInteger(namespace.caching, "ttl", diagnostics);
+      validateOptionalPositiveInteger(namespace.caching, "maxItems", diagnostics);
+    }
+  }
+  return diagnostics;
+}
+function validateOptionalNumber(record, key, min, max, diagnostics) {
+  if (record[key] === void 0) return;
+  if (typeof record[key] !== "number" || !Number.isFinite(record[key]) || Number(record[key]) < min || Number(record[key]) > max) {
+    diagnostics.push(diag("llmix.invalid_common", `metadata.snoai-llmix.common.${key} must be a number from ${min} to ${max}`));
+  }
+}
+function validateOptionalPositiveInteger(record, key, diagnostics) {
+  if (record[key] === void 0) return;
+  if (!Number.isInteger(record[key]) || Number(record[key]) <= 0) {
+    diagnostics.push(diag("llmix.invalid_common", `${key} must be a positive integer`));
+  }
+}
+function validateOptionalNonNegativeInteger(record, key, diagnostics) {
+  if (record[key] === void 0) return;
+  if (!Number.isInteger(record[key]) || Number(record[key]) < 0) {
+    diagnostics.push(diag("llmix.invalid_common", `${key} must be a non-negative integer`));
+  }
+}
 function canonicalizeFromFile(file, target, sidecar) {
   if (target === "MCP-SERVER.md" && !sidecar) {
-    return { ok: false, exitCode: EXIT.usage, diagnostics: [diag("missing-required-sidecar", "MCP-SERVER.md canonicalization requires --sidecar <path>")], files: [file] };
+    return {
+      ok: false,
+      exitCode: EXIT.usage,
+      diagnostics: [diag("missing-required-sidecar", "MCP-SERVER.md canonicalization requires --sidecar <path>")],
+      files: [file]
+    };
   }
   const markdown = canonicalizeMarkdownFile(file);
   if (!markdown.ok) return { ok: false, exitCode: EXIT.failure, diagnostics: markdown.diagnostics, files: [file] };
   if (target !== "MCP-SERVER.md") return { ok: true, bytes: markdown.bytes, files: [file] };
   const sidecarRead = readJson(sidecar);
-  if (!sidecarRead.ok) return { ok: false, exitCode: EXIT.io, diagnostics: [diag("io-error", sidecarRead.message)], files: [file, sidecar] };
+  if (!sidecarRead.ok)
+    return { ok: false, exitCode: EXIT.io, diagnostics: [diag("io-error", sidecarRead.message)], files: [file, sidecar] };
   return {
     ok: true,
     bytes: Buffer.concat([markdown.bytes, Buffer.from(MCP_BOUNDARY), Buffer.from(jcs(sidecarRead.value))]),
@@ -10553,11 +10931,10 @@ function compileTargets(frontmatter, body, targets, outDir, includeIntegrity) {
       if (includeIntegrity) {
         fm.integrity = {
           algorithm: "sha256",
-          digest: computeDigest(Buffer.concat([
-            canonicalizeRenderedMarkdown(fm, body),
-            Buffer.from(MCP_BOUNDARY),
-            Buffer.from(jcs(sidecar))
-          ]), "sha256")
+          digest: computeDigest(
+            Buffer.concat([canonicalizeRenderedMarkdown(fm, body), Buffer.from(MCP_BOUNDARY), Buffer.from(jcs(sidecar))]),
+            "sha256"
+          )
         };
         bytes = renderMarkdown(fm, body);
       }
@@ -10602,6 +10979,9 @@ function renderMarkdown(frontmatter, body) {
 ${rendered}---
 ${body}`;
 }
+function renderArtifact(frontmatter, body) {
+  return renderMarkdown(frontmatter, body);
+}
 function canonicalizeRenderedMarkdown(frontmatter, body) {
   const fm = { ...frontmatter };
   delete fm.integrity;
@@ -10640,18 +11020,33 @@ function runConformanceSuite(suite, level) {
   }
   const manifest = jsYaml.load(manifestRead.text);
   if (!isRecord(manifest) || !Array.isArray(manifest.fixtures)) {
-    return { ok: false, diagnostics: [diag("conformance-manifest-invalid", "manifest.yaml must contain fixtures[]")], passCount: 0, failCount: 1, fixtures: [] };
+    return {
+      ok: false,
+      diagnostics: [diag("conformance-manifest-invalid", "manifest.yaml must contain fixtures[]")],
+      passCount: 0,
+      failCount: 1,
+      fixtures: []
+    };
   }
   const fixtures = [];
+  let compileFixtureCount = 0;
   for (const entry of manifest.fixtures) {
     if (!isRecord(entry) || typeof entry.id !== "string") continue;
     if (entry.verdict === "equal") {
+      compileFixtureCount += 1;
       if (level === "V") continue;
-      fixtures.push({ id: entry.id, ok: false, diagnostics: [diag("compile-fixture-unavailable", "No compiler-level fixtures are present yet")] });
+      fixtures.push(runCompileConformanceFixture(suite, entry));
       continue;
     }
     fixtures.push(runConformanceFixture(suite, entry));
   }
+  if (level === "C" && compileFixtureCount === 0) {
+    fixtures.push({
+      id: "level-c-compile-coverage",
+      ok: false,
+      diagnostics: [diag("conformance.compile_fixtures_missing", "Level C requires at least one compile/equality fixture")]
+    });
+  }
   const failures = fixtures.filter((f) => !f.ok);
   return {
     ok: failures.length === 0,
@@ -10661,6 +11056,71 @@ function runConformanceSuite(suite, level) {
     fixtures
   };
 }
+function runCompileConformanceFixture(suite, entry) {
+  const id = String(entry.id);
+  const input = typeof entry.input === "string" ? resolve(suite, entry.input) : null;
+  const expectedDir = typeof entry.expected_dir === "string" ? resolve(suite, entry.expected_dir) : null;
+  const targetValues = Array.isArray(entry.targets) ? entry.targets.map((value) => normalizeCompileTarget(String(value))) : [];
+  const targets = targetValues.filter((target) => target !== null);
+  const diagnostics = [];
+  if (!input) diagnostics.push(diag("conformance.manifest_invalid", "Compile fixture requires input"));
+  if (!expectedDir) diagnostics.push(diag("conformance.manifest_invalid", "Compile fixture requires expected_dir"));
+  if (targets.length === 0 || targets.length !== targetValues.length) {
+    diagnostics.push(diag("conformance.manifest_invalid", "Compile fixture requires valid targets"));
+  }
+  if (diagnostics.length > 0) return { id, ok: false, diagnostics };
+  const read = readArtifact(input);
+  if (!read.ok) return { id, ok: false, diagnostics: [read.diagnostic] };
+  if (read.extract.kind !== "ok" || !isRecord(read.extract.frontmatter)) {
+    return { id, ok: false, diagnostics: [diag("conformance.compile_input_invalid", "Compile fixture input must be source frontmatter")] };
+  }
+  const validation = validateArtifact(input, "source");
+  if (!validation.ok) {
+    return {
+      id,
+      ok: false,
+      diagnostics: validation.diagnostics.map((diagnostic) => ({ ...diagnostic, code: "conformance.compile_input_invalid" }))
+    };
+  }
+  const outRoot = "__mda_conformance_out__";
+  const staged = compileTargets(read.extract.frontmatter, read.extract.body, targets, outRoot, false);
+  if (!staged.ok) {
+    return {
+      id,
+      ok: false,
+      diagnostics: staged.diagnostics.map((diagnostic) => ({ ...diagnostic, code: "conformance.compile_failed" }))
+    };
+  }
+  const actual = /* @__PURE__ */ new Map();
+  for (const output of staged.outputs) actual.set(relative(outRoot, output.path).replace(/\\/g, "/"), output.bytes);
+  const expectedFiles = listExpectedTree(expectedDir);
+  if (!expectedFiles.ok) return { id, ok: false, diagnostics: [expectedFiles.diagnostic] };
+  const expected = /* @__PURE__ */ new Map();
+  for (const file of expectedFiles.files) {
+    const rel = relative(expectedDir, file).replace(/\\/g, "/");
+    const text = readText(file);
+    if (!text.ok) return { id, ok: false, diagnostics: [diag("conformance.expected_missing", text.message)] };
+    expected.set(rel, text.text);
+  }
+  for (const rel of expected.keys()) {
+    if (!actual.has(rel)) diagnostics.push(diag("conformance.compile_output_missing", `Expected output was not emitted: ${rel}`));
+  }
+  for (const rel of actual.keys()) {
+    if (!expected.has(rel)) diagnostics.push(diag("conformance.compile_output_extra", `Unexpected output was emitted: ${rel}`));
+  }
+  for (const [rel, expectedText] of expected.entries()) {
+    const actualText = actual.get(rel);
+    if (actualText === void 0) continue;
+    const expectedNormalized = normalizeConformanceOutput(rel, expectedText);
+    const actualNormalized = normalizeConformanceOutput(rel, actualText);
+    if (!expectedNormalized.ok) diagnostics.push(expectedNormalized.diagnostic);
+    else if (!actualNormalized.ok) diagnostics.push(actualNormalized.diagnostic);
+    else if (expectedNormalized.bytes !== actualNormalized.bytes) {
+      diagnostics.push(diag("conformance.compile_output_mismatch", `Compiled output differs from expected fixture: ${rel}`));
+    }
+  }
+  return { id, ok: diagnostics.length === 0, diagnostics };
+}
 function runConformanceFixture(suite, entry) {
   const id = String(entry.id);
   const fixturePath = resolve(suite, String(entry.path));
@@ -10682,7 +11142,8 @@ function runConformanceFixture(suite, entry) {
     if (!read.ok) diagnostics.push(read.diagnostic);
     else {
       const got = read.extract.kind === "error" ? read.extract.code : read.extract.kind === "no-frontmatter" ? "no-frontmatter" : "ok";
-      if (extractionExpected && got !== extractionExpected) diagnostics.push(diag("extraction-mismatch", `Expected ${extractionExpected}, got ${got}`));
+      if (extractionExpected && got !== extractionExpected)
+        diagnostics.push(diag("extraction-mismatch", `Expected ${extractionExpected}, got ${got}`));
       if (extractionExpected && got === extractionExpected && schemaPaths.length === 0) {
         return { id, ok: true, diagnostics: [] };
       }
@@ -10722,13 +11183,19 @@ function runTrustedRuntimeConformance(suite, entry) {
   if (!policy.ok) return [diag("trust-policy-violation", policy.message)];
   const policyValidation = validateJsonAgainst(policy.value, "trustPolicy");
   if (!policyValidation.ok) return policyValidation.diagnostics.map((d) => ({ ...d, code: "trust-policy-violation" }));
-  const artifact = readArtifact(resolve(suite, String(entry.path)));
-  if (!artifact.ok || artifact.extract.kind !== "ok" || !isRecord(artifact.extract.frontmatter)) return [diag("missing-required-integrity", "trusted-runtime requires frontmatter")];
-  return checkTrustedRuntimePolicy(artifact.extract.frontmatter, policy.value, Array.isArray(entry["verified-identities"]) ? entry["verified-identities"] : []);
+  const artifact2 = readArtifact(resolve(suite, String(entry.path)));
+  if (!artifact2.ok || artifact2.extract.kind !== "ok" || !isRecord(artifact2.extract.frontmatter))
+    return [diag("missing-required-integrity", "trusted-runtime requires frontmatter")];
+  return checkTrustedRuntimePolicy(
+    artifact2.extract.frontmatter,
+    policy.value,
+    Array.isArray(entry["verified-identities"]) ? entry["verified-identities"] : []
+  );
 }
 function checkTrustedRuntimePolicy(fm, policy, verifiedIdentities) {
   if (!isRecord(fm.integrity)) return [diag("missing-required-integrity", "trusted-runtime requires integrity")];
-  if (!Array.isArray(fm.signatures) || fm.signatures.length === 0) return [diag("missing-required-signature", "trusted-runtime requires signatures[]")];
+  if (!Array.isArray(fm.signatures) || fm.signatures.length === 0)
+    return [diag("missing-required-signature", "trusted-runtime requires signatures[]")];
   const digestErrors = checkSignatureDigestEquality(fm);
   if (digestErrors.length) return digestErrors;
   const trusted = /* @__PURE__ */ new Set();
@@ -10740,7 +11207,9 @@ function checkTrustedRuntimePolicy(fm, policy, verifiedIdentities) {
     }
     if (sig.signer.startsWith("sigstore-oidc:")) {
       const issuer = sig.signer.slice("sigstore-oidc:".length);
-      const identity = verifiedIdentities.find((item) => isRecord(item) && item.type === "sigstore-oidc" && item["signature-index"] === index);
+      const identity = verifiedIdentities.find(
+        (item) => isRecord(item) && item.type === "sigstore-oidc" && item["signature-index"] === index
+      );
       if (isRecord(identity) && identity.issuer === issuer && policyAllowsSigstore(policy, identity)) {
         trusted.add(`sigstore-oidc:${identity.issuer}
 ${identity.subject}`);
@@ -10749,23 +11218,28 @@ ${identity.subject}`);
   }
   if (trusted.size === 0) return [diag("no-trusted-signature", "no signature matched the trust policy")];
   const minSignatures = isRecord(policy) && Number.isInteger(policy.minSignatures) ? Number(policy.minSignatures) : 1;
-  if (trusted.size < minSignatures) return [diag("insufficient-trusted-signatures", `${trusted.size} trusted signer identities < ${minSignatures}`)];
+  if (trusted.size < minSignatures)
+    return [diag("insufficient-trusted-signatures", `${trusted.size} trusted signer identities < ${minSignatures}`)];
   return [];
 }
 function policyAllowsDidWeb(policy, domain) {
   return isRecord(policy) && Array.isArray(policy.trustedSigners) && policy.trustedSigners.some((s) => isRecord(s) && s.type === "did-web" && s.domain === domain);
 }
 function policyAllowsSigstore(policy, identity) {
-  return isRecord(policy) && Array.isArray(policy.trustedSigners) && policy.trustedSigners.some((s) => isRecord(s) && s.type === "sigstore-oidc" && s.issuer === identity.issuer && s.subject === identity.subject);
+  return isRecord(policy) && Array.isArray(policy.trustedSigners) && policy.trustedSigners.some(
+    (s) => isRecord(s) && s.type === "sigstore-oidc" && s.issuer === identity.issuer && s.subject === identity.subject
+  );
 }
 function atomicWrite(path, bytes) {
   const destination = resolve(path);
   const dir = dirname(destination);
   mkdirSync(dir, { recursive: true });
-  const temp = join(dir, ".mda-tmp");
+  const temp = join(dir, `.mda-${process.pid}-${Date.now()}-${randomBytes(8).toString("hex")}.tmp`);
   let fd = null;
+  let createdTemp = false;
   try {
     fd = openSync(temp, "wx", 384);
+    createdTemp = true;
     writeFileSync(fd, bytes);
     closeSync(fd);
     fd = null;
@@ -10777,7 +11251,32 @@ function atomicWrite(path, bytes) {
       } catch {
       }
     }
-    rmSync(temp, { force: true });
+    if (createdTemp) rmSync(temp, { force: true });
+  }
+}
+function atomicReplace(path, bytes) {
+  const destination = resolve(path);
+  const dir = dirname(destination);
+  mkdirSync(dir, { recursive: true });
+  const temp = join(dir, `.mda-${process.pid}-${Date.now()}-${randomBytes(8).toString("hex")}.tmp`);
+  let fd = null;
+  let createdTemp = false;
+  try {
+    fd = openSync(temp, "wx", 384);
+    createdTemp = true;
+    writeFileSync(fd, bytes);
+    closeSync(fd);
+    fd = null;
+    renameSync(temp, destination);
+    createdTemp = false;
+  } finally {
+    if (fd !== null) {
+      try {
+        closeSync(fd);
+      } catch {
+      }
+    }
+    if (createdTemp) rmSync(temp, { force: true });
   }
 }
 function readText(path) {
@@ -10787,6 +11286,47 @@ function readText(path) {
     return { ok: false, message: error instanceof Error ? error.message : String(error) };
   }
 }
+function listExpectedTree(root) {
+  const files = [];
+  const walk2 = (dir) => {
+    for (const entry of readdirSync(dir, { withFileTypes: true })) {
+      const path = join(dir, entry.name);
+      if (entry.isDirectory()) walk2(path);
+      else if (entry.isFile()) files.push(path);
+    }
+  };
+  try {
+    walk2(root);
+    return { ok: true, files: files.sort() };
+  } catch (error) {
+    return {
+      ok: false,
+      diagnostic: diag("conformance.expected_missing", error instanceof Error ? error.message : String(error), { path: root })
+    };
+  }
+}
+function normalizeConformanceOutput(path, text) {
+  if (path.endsWith(".json")) {
+    try {
+      return { ok: true, bytes: jcs(JSON.parse(text)) };
+    } catch (error) {
+      return {
+        ok: false,
+        diagnostic: diag("conformance.expected_invalid_json", error instanceof Error ? error.message : String(error), { path })
+      };
+    }
+  }
+  if (path.endsWith(".md") || path.endsWith(".mda")) {
+    const extract = extractFrontmatterStrict(Buffer.from(text));
+    if (extract.kind === "error") return { ok: false, diagnostic: diag(extract.code, extract.message, { path }) };
+    if (extract.kind === "no-frontmatter") return { ok: true, bytes: normalizeCanonicalBody(extract.body) };
+    return { ok: true, bytes: `---
+${jcs(extract.frontmatter)}
+---
+${normalizeCanonicalBody(extract.body.replace(/^\n+/, ""))}` };
+  }
+  return { ok: true, bytes: text.replace(/\r\n/g, "\n").replace(/\r/g, "\n") };
+}
 function readJson(path) {
   try {
     return { ok: true, value: JSON.parse(readFileSync(path, "utf8")) };
@@ -10826,117 +11366,31 @@ function isRecord(value) {
   return typeof value === "object" && value !== null && !Array.isArray(value);
 }
 
-// src/cli.ts
-var HELP = `Markdown AI CLI (@markdown-ai/cli)
-
-Usage:
-  mda
-  mda --help
-  mda init <name> [--out <file>] [--json]
-  mda validate <file> [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--json]
-  mda compile <file.mda> --target <target...> [--out-dir <dir>] [--integrity] [--json]
-  mda canonicalize <file> [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--sidecar <path>] [--json]
-  mda integrity compute <file> [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--sidecar <path>] [--algorithm sha256|sha384|sha512] [--json]
-  mda integrity verify <file> [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--sidecar <path>] [--json]
-  mda sign <file> --method did-web --key <path> --identity <domain> (--out <file>|--in-place) [--json]
-  mda verify <file> --policy <path> [--target source|SKILL.md|AGENTS.md|MCP-SERVER.md|auto] [--sidecar <path>] [--json]
-  mda conformance [--suite <path>] [--level V|C] [--json]
-
-Global flags:
-  --json       Print stable JSON only on stdout.
-  --quiet      Suppress non-essential human output.
-  --verbose    Include extra diagnostic context where available.
-  --no-color   Disable ANSI color.
-  -h, --help   Print this full help.
-
-Commands and options:
-  init <name>
-    --out <file>                 Write the scaffold atomically. Refuses overwrite.
-    --json                       Return scaffold in JSON instead of raw .mda text.
-
-  validate <file>
-    --target <target>            source, SKILL.md, AGENTS.md, MCP-SERVER.md, or auto. Default: auto.
-
-  compile <file.mda>
-    --target <target...>         Required. One or more of SKILL.md, AGENTS.md, MCP-SERVER.md.
-    --out-dir <dir>              Output directory. Default: current working directory.
-    --integrity                  Add sha256 integrity to emitted artifacts.
-
-  canonicalize <file>
-    --target <target>            Default: auto.
-    --sidecar <path>             Required only for MCP-SERVER.md multi-file canonical bytes.
-
-  integrity compute <file>
-    --target <target>            Default: auto.
-    --sidecar <path>             Required only for MCP-SERVER.md.
-    --algorithm <name>           sha256, sha384, or sha512. Default: sha256.
-
-  integrity verify <file>
-    --target <target>            Default: auto.
-    --sidecar <path>             Required only for MCP-SERVER.md.
-
-  verify <file>
-    --policy <path>              Required trust policy JSON.
-    --target <target>            Default: auto.
-    --sidecar <path>             Required only for MCP-SERVER.md.
-    --offline                    Unsupported in this MVP; exits with usage error.
-
-  sign <file>
-    --method did-web             Required. Signing is not yet stable in this MVP.
-    --key <path>                 Required.
-    --identity <domain>          Required.
-    --out <file>                 Write signed output.
-    --in-place                   Replace the input file.
-
-Examples:
-  mda init hello-skill --out hello.mda
-  mda validate hello.mda --json
-  mda compile hello.mda --target SKILL.md AGENTS.md MCP-SERVER.md --out-dir out --integrity
-  mda canonicalize out/SKILL.md --target SKILL.md --json
-  mda integrity compute out/SKILL.md --target SKILL.md --algorithm sha256 --json
-  mda integrity verify out/SKILL.md --target SKILL.md
-  mda verify signed.md --policy policy.json --json
-  mda conformance --suite conformance --level V --json
+// src/cli/constants.ts
+var DIGEST_ALGORITHMS = /* @__PURE__ */ new Set(["sha256", "sha384", "sha512"]);
+var CLI_VERSION = "1.1.0";
+var LLMIX_PROVIDERS2 = /* @__PURE__ */ new Set([
+  "openai",
+  "anthropic",
+  "google",
+  "deepseek",
+  "openrouter",
+  "deepinfra",
+  "novita",
+  "together",
+  "sno-gpu"
+]);
+var LLMIX_MODULE_NAME2 = /^(?:_default|[a-z][a-z0-9_]{0,63})$/;
+var LLMIX_PRESET_NAME2 = /^(?:_base[a-z0-9_]*|[a-z][a-z0-9_]{0,63})$/;
+var INTEGRITY_PAYLOAD_TYPE = "application/vnd.mda.integrity+json";
+var GITHUB_ACTIONS_ISSUER = "https://token.actions.githubusercontent.com";
+var GITHUB_REPOSITORY = /^[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+$/;
+var GITHUB_REF = /^refs\/(?:heads|tags)\/\S+$/;
+var SIGSTORE_REKOR_URL = "https://rekor.sigstore.dev";
+var DIGEST_PATTERN = /^sha(?:256|384|512):[a-f0-9]+$/;
+var LLMIX_SNIPPET_FORMATS = /* @__PURE__ */ new Set(["json", "env", "kubernetes", "github-actions", "terraform", "typescript", "python", "rust"]);
 
-Exit codes:
-  0  Success.
-  1  Valid command, but artifact validation or verification failed.
-  2  CLI usage error: missing argument, unknown flag, ambiguous target.
-  3  IO or configuration error: missing file, overwrite refusal, unreadable policy.
-  4  Internal bug or invariant failure.
-`;
-var DIGEST_ALGORITHMS = /* @__PURE__ */ new Set(["sha256", "sha384", "sha512"]);
-async function main() {
-  const { globals, args } = splitGlobals(process.argv.slice(2));
-  try {
-    if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
-      process.stdout.write(HELP);
-      process.exit(EXIT.ok);
-    }
-    const command = args[0];
-    const rest = args.slice(1);
-    const result = await runCommand(command, rest, globals);
-    writeResult(result, globals);
-    process.exit(result.exitCode);
-  } catch (error) {
-    const result = commandResult(false, "internal", EXIT.internal, [
-      diag("internal-error", error instanceof Error ? error.message : String(error))
-    ]);
-    writeResult(result, globals);
-    process.exit(result.exitCode);
-  }
-}
-async function runCommand(command, args, globals) {
-  if (command === "init") return runInit(args, globals);
-  if (command === "validate") return runValidate(args);
-  if (command === "compile") return runCompile(args);
-  if (command === "canonicalize") return runCanonicalize(args, globals);
-  if (command === "integrity") return runIntegrity(args);
-  if (command === "verify") return runVerify(args);
-  if (command === "sign") return runSign(args);
-  if (command === "conformance") return runConformance(args);
-  return usage("root", `Unknown command: ${command}`);
-}
+// src/cli/shared.ts
 function writeResult(result, globals) {
   if (globals.json) {
     process.stdout.write(`${JSON.stringify(result, null, 2)}
@@ -10950,25 +11404,83 @@ function writeResult(result, globals) {
 `);
     else process.stdout.write(`ok: ${result.command}
 `);
+    writeNextActions(result, globals);
     return;
   }
   for (const d of result.diagnostics) {
     process.stderr.write(`${d.code}: ${d.message}
 `);
   }
+  writeNextActions(result, globals, process.stderr);
 }
 function splitGlobals(argv) {
-  const globals = { json: false, quiet: false, verbose: false, color: true };
+  const globals = { json: false, quiet: false, verbose: false, color: true, noNext: false };
   const args = [];
   for (const arg of argv) {
     if (arg === "--json") globals.json = true;
     else if (arg === "--quiet") globals.quiet = true;
     else if (arg === "--verbose") globals.verbose = true;
     else if (arg === "--no-color") globals.color = false;
+    else if (arg === "--no-next") globals.noNext = true;
     else args.push(arg);
   }
   return { globals, args };
 }
+function writeNextActions(result, globals, stream = process.stdout) {
+  if (globals.noNext || result.nextActions.length === 0) return;
+  stream.write("Next:\n");
+  for (const action of result.nextActions) {
+    const marker = action.required ? "-" : "- optional:";
+    if (action.command) stream.write(`${marker} ${action.reason}: ${action.command}
+`);
+    else if (action.external) stream.write(`${marker} ${action.reason}: ${action.external}
+`);
+    else stream.write(`${marker} ${action.reason}
+`);
+  }
+}
+function nextAction(id, reason, command, required = true) {
+  return { id, required, reason, command };
+}
+function externalNextAction(id, reason, external, required = true) {
+  return { id, required, reason, external };
+}
+function artifact(kind, path, target, digest) {
+  return { kind, path, target, digest };
+}
+function nextAfterValidate(file, target) {
+  if (target === "source") {
+    return [
+      nextAction(
+        "compile-source",
+        "Compile the source into runtime Markdown",
+        `mda compile ${file} --target SKILL.md AGENTS.md --out-dir out --integrity`
+      )
+    ];
+  }
+  return [nextAction("verify-integrity", "Verify declared integrity before use", `mda integrity verify ${file} --target ${target}`, false)];
+}
+function nextAfterCompile(paths) {
+  const markdown = paths.find((path) => path.endsWith("SKILL.md") || path.endsWith("AGENTS.md") || path.endsWith("MCP-SERVER.md"));
+  if (!markdown) return [];
+  const target = targetForPath(markdown);
+  if (!target) return [];
+  return [
+    nextAction("validate-output", "Validate the first compiled output", `mda validate ${markdown} --target ${target}`),
+    nextAction(
+      "verify-output-integrity",
+      "Verify compiled output integrity before publishing",
+      `mda integrity verify ${markdown} --target ${target}`,
+      false
+    )
+  ];
+}
+function targetForPath(path) {
+  if (path.endsWith("SKILL.md")) return "SKILL.md";
+  if (path.endsWith("AGENTS.md")) return "AGENTS.md";
+  if (path.endsWith("MCP-SERVER.md")) return "MCP-SERVER.md";
+  return void 0;
+}
 function parseOptions(args) {
   const positional = [];
   const options = /* @__PURE__ */ new Map();
@@ -10979,7 +11491,47 @@ function parseOptions(args) {
       positional.push(arg);
       continue;
     }
-    if (["--out", "--target", "--out-dir", "--sidecar", "--algorithm", "--suite", "--level", "--policy", "--method", "--key", "--identity"].includes(arg)) {
+    if ([
+      "--out",
+      "--target",
+      "--out-dir",
+      "--sidecar",
+      "--algorithm",
+      "--suite",
+      "--level",
+      "--policy",
+      "--did-document",
+      "--profile",
+      "--did",
+      "--key-id",
+      "--key-file",
+      "--method",
+      "--key",
+      "--identity",
+      "--template",
+      "--module",
+      "--preset",
+      "--provider",
+      "--model",
+      "--domain",
+      "--min-signatures",
+      "--repo",
+      "--workflow",
+      "--ref",
+      "--offline-sigstore-fixture",
+      "--source",
+      "--registry-dir",
+      "--registry-root",
+      "--release-plan",
+      "--manifest",
+      "--format",
+      "--snippet-format",
+      "--snippet-out",
+      "--expected-root-digest",
+      "--minimum-revision",
+      "--minimum-published-at",
+      "--high-watermark"
+    ].includes(arg)) {
       const values = [];
       i += 1;
       while (i < args.length && !args[i].startsWith("--")) {
@@ -10992,7 +11544,7 @@ function parseOptions(args) {
       options.set(arg, [...options.get(arg) ?? [], ...values]);
       continue;
     }
-    if (["--integrity", "--in-place", "--offline"].includes(arg)) {
+    if (["--integrity", "--in-place", "--offline", "--write", "--rekor", "--derive-root-digest", "--strict-compat"].includes(arg)) {
       flags.add(arg);
       continue;
     }
@@ -11015,10 +11567,15 @@ function unknownOptions(parsed, allowed) {
   }
   return null;
 }
+
+// src/cli/core-commands.ts
 function runInit(args, globals) {
   const parsed = parseOptions(args);
-  const err = unknownOptions(parsed, ["--out"]);
+  const err = unknownOptions(parsed, ["--out", "--template", "--module", "--preset", "--provider", "--model"]);
   if (err) return usage("init", err);
+  const template = oneOption(parsed.options, "--template");
+  if (template && template !== "llmix-preset") return usage("init", `Unsupported template: ${template}`);
+  if (template === "llmix-preset") return runInitLlmixPreset(parsed, globals);
   if (parsed.positional.length !== 1) return usage("init", "Expected exactly one name: mda init <name>");
   const name = parsed.positional[0];
   const scaffold = makeScaffold(name);
@@ -11039,15 +11596,115 @@ function runInit(args, globals) {
     }
   }
   if (globals.json) {
-    return commandResult(true, "init", EXIT.ok, [], { name, scaffold, out, written: Boolean(out) });
+    return commandResult(true, "init", EXIT.ok, [], {
+      summary: out ? `Created MDA source at ${out}` : "Generated MDA source scaffold",
+      artifacts: out ? [artifact("mda-source", out, "source")] : [],
+      nextActions: out ? [nextAction("validate-source", "Validate the source file", `mda validate ${out} --target source`)] : [externalNextAction("save-source", "Save this scaffold to a .mda file", "write the scaffold bytes to disk")],
+      name,
+      scaffold,
+      out,
+      written: Boolean(out)
+    });
   }
   return commandResult(true, "init", EXIT.ok, [], {
+    summary: out ? `Created MDA source at ${out}` : "Generated MDA source scaffold",
+    artifacts: out ? [artifact("mda-source", out, "source")] : [],
+    nextActions: out ? [nextAction("validate-source", "Validate the source file", `mda validate ${out} --target source`)] : [],
     message: out ? `wrote ${out}` : scaffold,
     name,
     out,
     written: Boolean(out)
   });
 }
+function runInitLlmixPreset(parsed, globals) {
+  if (parsed.positional.length !== 0) return usage("init", "LLMix preset init does not take a positional name");
+  const moduleName = oneOption(parsed.options, "--module");
+  const presetName = oneOption(parsed.options, "--preset");
+  const provider = oneOption(parsed.options, "--provider");
+  const model = oneOption(parsed.options, "--model");
+  const out = oneOption(parsed.options, "--out");
+  const diagnostics = [];
+  if (!moduleName || !LLMIX_MODULE_NAME2.test(moduleName))
+    diagnostics.push(diag("llmix.invalid_identifier", "--module must be _default or a lowercase snake_case identifier"));
+  if (!presetName || !LLMIX_PRESET_NAME2.test(presetName))
+    diagnostics.push(diag("llmix.invalid_identifier", "--preset must be _base* or a lowercase snake_case identifier"));
+  if (!provider || !LLMIX_PROVIDERS2.has(provider))
+    diagnostics.push(diag("llmix.invalid_provider", "--provider must be a supported LLMix provider"));
+  if (!model || model.trim().length === 0)
+    diagnostics.push(diag("llmix.invalid_model", "--model must be a non-empty provider model identifier"));
+  if (diagnostics.length > 0) {
+    return commandResult(false, "init", EXIT.usage, diagnostics, {
+      summary: "LLMix preset scaffold options are invalid",
+      nextActions: [
+        nextAction(
+          "fix-llmix-init",
+          "Fix the LLMix preset options and retry",
+          "mda init --template llmix-preset --module search_summary --preset openai_fast --provider openai --model gpt-5-mini --out search_summary/openai_fast.mda"
+        )
+      ]
+    });
+  }
+  const scaffold = makeLlmixPresetScaffold(moduleName, presetName, provider, model);
+  if (out) {
+    if (existsSync2(out)) {
+      return ioError("init", `Refusing to overwrite existing file: ${out}`, {
+        module: moduleName,
+        preset: presetName,
+        scaffold: globals.json ? scaffold : void 0,
+        out,
+        written: false
+      });
+    }
+    try {
+      atomicWrite(out, scaffold);
+    } catch (error) {
+      return ioError("init", error instanceof Error ? error.message : String(error), {
+        module: moduleName,
+        preset: presetName,
+        out,
+        written: false
+      });
+    }
+  }
+  const nextActions = out ? [
+    nextAction("validate-llmix-source", "Validate the LLMix source file", `mda validate ${out} --target source`),
+    nextAction("write-integrity", "Record integrity before release", `mda integrity compute ${out} --target source --write`, false)
+  ] : [
+    externalNextAction(
+      "save-llmix-source",
+      "Save this scaffold to a .mda file under the module directory",
+      "write the scaffold bytes to disk"
+    )
+  ];
+  if (globals.json) {
+    return commandResult(true, "init", EXIT.ok, [], {
+      summary: out ? `Created LLMix preset source at ${out}` : "Generated LLMix preset scaffold",
+      artifacts: out ? [artifact("mda-source", out, "source")] : [],
+      nextActions,
+      template: "llmix-preset",
+      module: moduleName,
+      preset: presetName,
+      provider,
+      model,
+      scaffold,
+      out,
+      written: Boolean(out)
+    });
+  }
+  return commandResult(true, "init", EXIT.ok, [], {
+    summary: out ? `Created LLMix preset source at ${out}` : "Generated LLMix preset scaffold",
+    artifacts: out ? [artifact("mda-source", out, "source")] : [],
+    nextActions: out ? nextActions : [],
+    message: out ? `wrote ${out}` : scaffold,
+    template: "llmix-preset",
+    module: moduleName,
+    preset: presetName,
+    provider,
+    model,
+    out,
+    written: Boolean(out)
+  });
+}
 function runValidate(args) {
   const parsed = parseOptions(args);
   const err = unknownOptions(parsed, ["--target"]);
@@ -11060,6 +11717,15 @@ function runValidate(args) {
   if (!targetResult.ok) return targetResult.result("validate", file);
   const validation = validateArtifact(file, targetResult.target);
   return commandResult(validation.ok, "validate", validation.ok ? EXIT.ok : EXIT.failure, validation.diagnostics, {
+    summary: validation.ok ? `${targetResult.target} validation passed` : `${targetResult.target} validation failed`,
+    artifacts: [artifact("validated-artifact", file, targetResult.target)],
+    nextActions: validation.ok ? nextAfterValidate(file, targetResult.target) : [
+      nextAction(
+        "fix-validation",
+        "Fix the reported diagnostics and re-run validation",
+        `mda validate ${file} --target ${targetResult.target}`
+      )
+    ],
     file,
     target: targetResult.target
   });
@@ -11077,13 +11743,35 @@ function runCanonicalize(args, globals) {
   const sidecar = oneOption(parsed.options, "--sidecar");
   const can = canonicalizeFromFile(file, targetResult.target, sidecar);
   if (!can.ok) {
-    return commandResult(false, "canonicalize", can.exitCode, can.diagnostics, { file, target: targetResult.target, files: can.files });
+    return commandResult(false, "canonicalize", can.exitCode, can.diagnostics, {
+      summary: "Canonicalization failed",
+      nextActions: [
+        nextAction(
+          "fix-canonicalization",
+          "Fix the reported diagnostics and retry",
+          `mda canonicalize ${file} --target ${targetResult.target}`
+        )
+      ],
+      file,
+      target: targetResult.target,
+      files: can.files
+    });
   }
   if (!globals.json) {
     process.stdout.write(can.bytes);
     return commandResult(true, "canonicalize", EXIT.ok, [], { suppressOutput: true });
   }
   return commandResult(true, "canonicalize", EXIT.ok, [], {
+    summary: "Canonical bytes generated",
+    artifacts: [artifact("canonical-bytes", file, targetResult.target)],
+    nextActions: [
+      nextAction(
+        "compute-integrity",
+        "Compute an integrity digest for these bytes",
+        `mda integrity compute ${file} --target ${targetResult.target}`,
+        false
+      )
+    ],
     file,
     target: targetResult.target,
     files: can.files,
@@ -11095,7 +11783,7 @@ function runIntegrity(args) {
   const sub = args[0];
   if (sub !== "compute" && sub !== "verify") return usage("integrity", "Expected subcommand: integrity compute|verify");
   const parsed = parseOptions(args.slice(1));
-  const err = unknownOptions(parsed, ["--target", "--sidecar", "--algorithm"]);
+  const err = unknownOptions(parsed, ["--target", "--sidecar", "--algorithm", "--write"]);
   if (err) return usage(`integrity ${sub}`, err);
   if (parsed.positional.length !== 1) return usage(`integrity ${sub}`, `Expected one file: mda integrity ${sub} <file>`);
   const file = parsed.positional[0];
@@ -11105,12 +11793,125 @@ function runIntegrity(args) {
   if (!targetResult.ok) return targetResult.result(`integrity ${sub}`, file);
   const sidecar = oneOption(parsed.options, "--sidecar");
   const can = canonicalizeFromFile(file, targetResult.target, sidecar);
-  if (!can.ok) return commandResult(false, `integrity ${sub}`, can.exitCode, can.diagnostics, { file, target: targetResult.target, files: can.files });
+  if (!can.ok)
+    return commandResult(false, `integrity ${sub}`, can.exitCode, can.diagnostics, {
+      summary: `integrity ${sub} failed`,
+      nextActions: [
+        nextAction(
+          "fix-integrity-input",
+          "Fix the reported diagnostics and retry",
+          `mda integrity ${sub} ${file} --target ${targetResult.target}`
+        )
+      ],
+      file,
+      target: targetResult.target,
+      files: can.files
+    });
   if (sub === "compute") {
+    if (parsed.flags.has("--write") && parsed.options.has("--sidecar") && targetResult.target !== "MCP-SERVER.md") {
+      return usage("integrity compute", "--sidecar is only valid with MCP-SERVER.md");
+    }
     const algorithm = oneOption(parsed.options, "--algorithm") ?? "sha256";
     if (!DIGEST_ALGORITHMS.has(algorithm)) return usage("integrity compute", `Unsupported algorithm: ${algorithm}`);
     const digest = computeDigest(can.bytes, algorithm);
+    if (parsed.flags.has("--write")) {
+      const ext2 = readArtifact(file);
+      if (!ext2.ok || ext2.extract.kind !== "ok" || !isRecord(ext2.extract.frontmatter)) {
+        return commandResult(
+          false,
+          "integrity compute",
+          EXIT.failure,
+          [diag("missing-required-frontmatter", "Integrity write requires frontmatter")],
+          {
+            summary: "Integrity write failed",
+            nextActions: [
+              nextAction(
+                "fix-frontmatter",
+                "Add frontmatter and retry integrity write",
+                `mda validate ${file} --target ${targetResult.target}`
+              )
+            ],
+            file,
+            target: targetResult.target,
+            files: can.files
+          }
+        );
+      }
+      const existing = ext2.extract.frontmatter.integrity;
+      if (isRecord(existing) && (existing.algorithm !== algorithm || existing.digest !== digest)) {
+        return commandResult(
+          false,
+          "integrity compute",
+          EXIT.failure,
+          [
+            diag(
+              "integrity.existing_mismatch",
+              "Existing integrity differs from the computed digest; remove it intentionally before rewriting"
+            )
+          ],
+          {
+            summary: "Existing integrity does not match computed digest",
+            nextActions: [
+              nextAction(
+                "inspect-integrity",
+                "Inspect or remove the stale integrity field before retrying",
+                `mda integrity verify ${file} --target ${targetResult.target}`
+              )
+            ],
+            file,
+            target: targetResult.target,
+            files: can.files,
+            algorithm,
+            digest,
+            written: false
+          }
+        );
+      }
+      let written = false;
+      if (!isRecord(existing)) {
+        const frontmatter = { ...ext2.extract.frontmatter, integrity: { algorithm, digest } };
+        try {
+          atomicReplace(file, renderArtifact(frontmatter, ext2.extract.body));
+          written = true;
+        } catch (error) {
+          return ioError("integrity compute", error instanceof Error ? error.message : String(error), {
+            file,
+            target: targetResult.target,
+            algorithm,
+            digest,
+            written: false
+          });
+        }
+      }
+      return commandResult(true, "integrity compute", EXIT.ok, [], {
+        summary: written ? `Wrote ${algorithm} integrity` : "Integrity already matches",
+        artifacts: [artifact("integrity-updated", file, targetResult.target, digest)],
+        nextActions: [
+          nextAction(
+            "verify-integrity",
+            "Verify the recorded integrity before release",
+            `mda integrity verify ${file} --target ${targetResult.target}`
+          )
+        ],
+        message: written ? `wrote integrity to ${file}` : "integrity already matches",
+        file,
+        target: targetResult.target,
+        files: can.files,
+        algorithm,
+        digest,
+        written
+      });
+    }
     return commandResult(true, "integrity compute", EXIT.ok, [], {
+      summary: `Computed ${algorithm} digest`,
+      artifacts: [artifact("canonical-digest", file, targetResult.target, digest)],
+      nextActions: [
+        externalNextAction(
+          "record-integrity",
+          "Record this digest in the artifact integrity field",
+          "update frontmatter.integrity before publishing"
+        )
+      ],
       message: digest,
       file,
       target: targetResult.target,
@@ -11121,46 +11922,100 @@ function runIntegrity(args) {
   }
   const ext = readArtifact(file);
   if (!ext.ok || ext.extract.kind !== "ok" || !isRecord(ext.extract.frontmatter)) {
-    return commandResult(false, "integrity verify", EXIT.failure, [diag("missing-required-frontmatter", "Integrity verification requires frontmatter")], {
-      file,
-      target: targetResult.target,
-      files: can.files
-    });
+    return commandResult(
+      false,
+      "integrity verify",
+      EXIT.failure,
+      [diag("missing-required-frontmatter", "Integrity verification requires frontmatter")],
+      {
+        file,
+        target: targetResult.target,
+        files: can.files
+      }
+    );
   }
   const integrity = ext.extract.frontmatter.integrity;
   if (!isRecord(integrity) || typeof integrity.algorithm !== "string" || typeof integrity.digest !== "string") {
-    return commandResult(false, "integrity verify", EXIT.failure, [diag("missing-required-integrity", "Artifact has no declared integrity")], {
-      file,
-      target: targetResult.target,
-      files: can.files
-    });
+    return commandResult(
+      false,
+      "integrity verify",
+      EXIT.failure,
+      [diag("missing-required-integrity", "Artifact has no declared integrity")],
+      {
+        file,
+        target: targetResult.target,
+        files: can.files
+      }
+    );
   }
   if (!DIGEST_ALGORITHMS.has(integrity.algorithm)) {
-    return commandResult(false, "integrity verify", EXIT.failure, [diag("unsupported-integrity-algorithm", `Unsupported integrity algorithm: ${integrity.algorithm}`)], {
-      file,
-      target: targetResult.target,
-      files: can.files,
-      algorithm: integrity.algorithm
-    });
+    return commandResult(
+      false,
+      "integrity verify",
+      EXIT.failure,
+      [diag("unsupported-integrity-algorithm", `Unsupported integrity algorithm: ${integrity.algorithm}`)],
+      {
+        file,
+        target: targetResult.target,
+        files: can.files,
+        algorithm: integrity.algorithm
+      }
+    );
   }
   const expected = computeDigest(can.bytes, integrity.algorithm);
   const ok = expected === integrity.digest;
-  return commandResult(ok, "integrity verify", ok ? EXIT.ok : EXIT.failure, ok ? [] : [
-    diag("integrity-mismatch", `Declared digest ${integrity.digest} does not match recomputed ${expected}`)
-  ], {
-    file,
-    target: targetResult.target,
-    files: can.files,
-    algorithm: integrity.algorithm,
-    expected,
-    declared: integrity.digest
-  });
+  return commandResult(
+    ok,
+    "integrity verify",
+    ok ? EXIT.ok : EXIT.failure,
+    ok ? [] : [diag("integrity-mismatch", `Declared digest ${integrity.digest} does not match recomputed ${expected}`)],
+    {
+      summary: ok ? "Integrity verification passed" : "Integrity verification failed",
+      artifacts: [artifact("verified-artifact", file, targetResult.target, expected)],
+      nextActions: ok ? [
+        nextAction(
+          "validate-artifact",
+          "Validate the artifact before use",
+          `mda validate ${file} --target ${targetResult.target}`,
+          false
+        )
+      ] : [
+        nextAction(
+          "recompute-integrity",
+          "Recompute the digest after fixing the file",
+          `mda integrity compute ${file} --target ${targetResult.target}`
+        )
+      ],
+      file,
+      target: targetResult.target,
+      files: can.files,
+      algorithm: integrity.algorithm,
+      expected,
+      declared: integrity.digest
+    }
+  );
 }
 function runCompile(args) {
   const parsed = parseOptions(args);
-  const err = unknownOptions(parsed, ["--target", "--out-dir", "--integrity", "--method", "--key", "--identity", "--out", "--in-place"]);
+  const signingOptions = [
+    "--method",
+    "--key",
+    "--identity",
+    "--profile",
+    "--did",
+    "--key-id",
+    "--key-file",
+    "--repo",
+    "--workflow",
+    "--ref",
+    "--rekor",
+    "--offline-sigstore-fixture",
+    "--out",
+    "--in-place"
+  ];
+  const err = unknownOptions(parsed, ["--target", "--out-dir", "--integrity", "--manifest", "--strict-compat", ...signingOptions]);
   if (err) return usage("compile", err);
-  if (parsed.options.has("--method") || parsed.options.has("--key") || parsed.options.has("--identity") || parsed.options.has("--out") || parsed.flags.has("--in-place")) {
+  if (signingOptions.some((option) => parsed.options.has(option) || parsed.flags.has(option))) {
     return usage("compile", "Compile does not sign artifacts. Run mda sign as a separate explicit step.");
   }
   if (parsed.positional.length !== 1) return usage("compile", "Expected one source file: mda compile <file.mda> --target <target...>");
@@ -11170,24 +12025,117 @@ function runCompile(args) {
   const file = parsed.positional[0];
   const sourceValidation = validateArtifact(file, "source");
   if (!sourceValidation.ok) {
-    return commandResult(false, "compile", EXIT.failure, sourceValidation.diagnostics, { file, target: "source" });
+    return commandResult(false, "compile", EXIT.failure, sourceValidation.diagnostics, {
+      summary: "Source validation failed before compile",
+      nextActions: [
+        nextAction("validate-source", "Fix source validation errors and re-run validation", `mda validate ${file} --target source`)
+      ],
+      file,
+      target: "source"
+    });
   }
   const read = readArtifact(file);
   if (!read.ok || read.extract.kind !== "ok" || !isRecord(read.extract.frontmatter)) {
-    return commandResult(false, "compile", EXIT.failure, [diag("missing-required-frontmatter", "Source must contain frontmatter")], { file, target: "source" });
+    return commandResult(false, "compile", EXIT.failure, [diag("missing-required-frontmatter", "Source must contain frontmatter")], {
+      summary: "Source frontmatter is required before compile",
+      nextActions: [
+        nextAction("fix-source-frontmatter", "Add source frontmatter and re-run validation", `mda validate ${file} --target source`)
+      ],
+      file,
+      target: "source"
+    });
   }
   const outDir = oneOption(parsed.options, "--out-dir") ?? process.cwd();
+  const manifestPath = oneOption(parsed.options, "--manifest");
+  const strictCompat = parsed.flags.has("--strict-compat");
   const includeIntegrity = parsed.flags.has("--integrity") || isRecord(read.extract.frontmatter.integrity);
   const staged = compileTargets(read.extract.frontmatter, read.extract.body, targets, outDir, includeIntegrity);
-  if (!staged.ok) return commandResult(false, "compile", EXIT.failure, staged.diagnostics, { file, outDir, planned: staged.planned });
+  if (!staged.ok)
+    return commandResult(false, "compile", EXIT.failure, staged.diagnostics, {
+      summary: "Compile planning failed",
+      nextActions: [
+        nextAction(
+          "fix-compile-input",
+          "Fix the reported diagnostics and retry compile",
+          `mda compile ${file} --target ${targets.join(" ")} --out-dir ${outDir}`
+        )
+      ],
+      file,
+      outDir,
+      planned: manifestPath ? [...staged.planned, manifestPath] : staged.planned
+    });
+  const compatibilityWarnings = compileCompatibilityWarnings(read.extract.frontmatter, targets);
+  if (strictCompat && compatibilityWarnings.length > 0) {
+    return commandResult(
+      false,
+      "compile",
+      EXIT.failure,
+      compatibilityWarnings.map((warning) => ({ ...warning, severity: "error" })),
+      {
+        summary: "Compile compatibility checks failed",
+        nextActions: [
+          nextAction(
+            "fix-compile-compatibility",
+            "Resolve compatibility diagnostics or rerun without --strict-compat",
+            `mda compile ${file} --target ${targets.join(" ")} --out-dir ${outDir}`
+          )
+        ],
+        file,
+        outDir,
+        planned: manifestPath ? [...staged.outputs.map((o) => o.path), manifestPath] : staged.outputs.map((o) => o.path),
+        written: []
+      }
+    );
+  }
   const existing = staged.outputs.find((o) => existsSync2(o.path));
-  if (existing) return ioError("compile", `Refusing to overwrite existing file: ${existing.path}`, { file, outDir, planned: staged.outputs.map((o) => o.path), written: [] });
+  if (existing)
+    return ioError("compile", `Refusing to overwrite existing file: ${existing.path}`, {
+      file,
+      outDir,
+      planned: staged.outputs.map((o) => o.path),
+      written: []
+    });
+  if (manifestPath && staged.outputs.some((output) => resolve2(output.path) === resolve2(manifestPath))) {
+    return ioError("compile", `Manifest path conflicts with a compiled output: ${manifestPath}`, {
+      file,
+      outDir,
+      planned: staged.outputs.map((o) => o.path),
+      written: []
+    });
+  }
+  if (manifestPath && existsSync2(manifestPath)) {
+    return ioError("compile", `Refusing to overwrite existing file: ${manifestPath}`, {
+      file,
+      outDir,
+      planned: [...staged.outputs.map((o) => o.path), manifestPath],
+      written: []
+    });
+  }
+  const sourceDigest = canonicalizeFromFile(file, "source", null);
+  if (!sourceDigest.ok) {
+    return commandResult(false, "compile", sourceDigest.exitCode, sourceDigest.diagnostics, {
+      summary: "Source canonicalization failed before compile manifest generation",
+      nextActions: [
+        nextAction("fix-source-canonicalization", "Fix the source and retry compile", `mda compile ${file} --target ${targets.join(" ")}`)
+      ],
+      file,
+      outDir,
+      planned: staged.outputs.map((o) => o.path),
+      written: []
+    });
+  }
+  const manifest = manifestPath ? makeCompileManifest(file, sourceDigest.bytes, read.extract.frontmatter, targets, staged.outputs, compatibilityWarnings) : null;
   const written = [];
   try {
     for (const output of staged.outputs) {
       atomicWrite(output.path, output.bytes);
       written.push(output.path);
     }
+    if (manifestPath && manifest) {
+      atomicWrite(manifestPath, `${JSON.stringify(manifest, null, 2)}
+`);
+      written.push(manifestPath);
+    }
   } catch (error) {
     const rolledBack = [];
     const rollbackDiagnostics = [];
@@ -11196,80 +12144,144 @@ function runCompile(args) {
         rmSync2(path, { force: true });
         rolledBack.push(path);
       } catch (rollbackError) {
-        rollbackDiagnostics.push(diag("rollback-error", rollbackError instanceof Error ? rollbackError.message : String(rollbackError), { path }));
+        rollbackDiagnostics.push(
+          diag("rollback-error", rollbackError instanceof Error ? rollbackError.message : String(rollbackError), { path })
+        );
       }
     }
-    return commandResult(false, "compile", EXIT.io, [
-      diag("io-error", error instanceof Error ? error.message : String(error)),
-      ...rollbackDiagnostics
-    ], {
-      file,
-      outDir,
-      planned: staged.outputs.map((o) => o.path),
-      written,
-      rolledBack
-    });
+    return commandResult(
+      false,
+      "compile",
+      EXIT.io,
+      [diag("io-error", error instanceof Error ? error.message : String(error)), ...rollbackDiagnostics],
+      {
+        summary: "Compile failed while writing outputs",
+        nextActions: [
+          nextAction(
+            "retry-compile",
+            "Fix the filesystem error and retry compile",
+            `mda compile ${file} --target ${targets.join(" ")} --out-dir ${outDir}`
+          )
+        ],
+        file,
+        outDir,
+        planned: manifestPath ? [...staged.outputs.map((o) => o.path), manifestPath] : staged.outputs.map((o) => o.path),
+        written,
+        rolledBack
+      }
+    );
   }
-  return commandResult(true, "compile", EXIT.ok, [], {
+  return commandResult(true, "compile", EXIT.ok, compatibilityWarnings, {
+    summary: `Compiled ${staged.outputs.length} file(s)`,
+    artifacts: [
+      ...staged.outputs.map((o) => artifact("compiled-output", o.path, targetForPath(o.path))),
+      ...manifestPath ? [artifact("compile-manifest", manifestPath)] : []
+    ],
+    nextActions: nextAfterCompile(staged.outputs.map((o) => o.path)),
     message: `wrote ${staged.outputs.length} file(s)`,
     file,
     target: "source",
     outDir,
-    planned: staged.outputs.map((o) => o.path),
-    written: staged.outputs.map((o) => o.path)
+    planned: manifestPath ? [...staged.outputs.map((o) => o.path), manifestPath] : staged.outputs.map((o) => o.path),
+    written
   });
 }
-function runVerify(args) {
-  const parsed = parseOptions(args);
-  const err = unknownOptions(parsed, ["--target", "--sidecar", "--policy", "--offline"]);
-  if (err) return usage("verify", err);
-  if (parsed.flags.has("--offline")) return usage("verify", "verify --offline is not a stable MVP option");
-  if (parsed.positional.length !== 1) return usage("verify", "Expected one file: mda verify <file> --policy <path>");
-  const policyPath = oneOption(parsed.options, "--policy");
-  if (!policyPath) return usage("verify", "--policy <path> is required");
-  const file = parsed.positional[0];
-  const requestedTarget = parseTarget(oneOption(parsed.options, "--target") ?? "auto");
-  if (!requestedTarget) return usage("verify", "--target must be source, SKILL.md, AGENTS.md, MCP-SERVER.md, or auto");
-  const targetResult = resolveTarget(file, requestedTarget);
-  if (!targetResult.ok) return targetResult.result("verify", file);
-  const policy = readJson(policyPath);
-  if (!policy.ok) return ioError("verify", policy.message, { file, policy: policyPath });
-  const policyValidation = validateJsonAgainst(policy.value, "trustPolicy");
-  if (!policyValidation.ok) return commandResult(false, "verify", EXIT.failure, policyValidation.diagnostics, { file, policy: policyPath });
-  const validation = validateArtifact(file, targetResult.target);
-  if (!validation.ok) return commandResult(false, "verify", EXIT.failure, validation.diagnostics, { file, target: targetResult.target, policy: policyPath });
-  const integrityArgs = ["verify", file, "--target", targetResult.target];
-  const sidecar = oneOption(parsed.options, "--sidecar");
-  if (sidecar) integrityArgs.push("--sidecar", sidecar);
-  const integrity = runIntegrity(integrityArgs);
-  if (!integrity.ok) return commandResult(false, "verify", EXIT.failure, integrity.diagnostics, { file, target: targetResult.target, policy: policyPath });
-  const artifact = readArtifact(file);
-  if (!artifact.ok || artifact.extract.kind !== "ok" || !isRecord(artifact.extract.frontmatter)) {
-    return commandResult(false, "verify", EXIT.failure, [diag("missing-required-frontmatter", "Verification requires frontmatter")], { file, target: targetResult.target, policy: policyPath });
+function makeCompileManifest(file, sourceCanonicalBytes, frontmatter, targets, outputs, warnings) {
+  const outputEntries = outputs.map((output) => ({
+    path: output.path,
+    target: targetForPath(output.path) ?? "mcp-server-sidecar",
+    digest: computeDigest(Buffer.from(output.bytes), "sha256"),
+    byteLength: Buffer.byteLength(output.bytes)
+  }));
+  return {
+    kind: "mda-compile-manifest",
+    version: 1,
+    compiler: {
+      name: "@markdown-ai/cli",
+      version: CLI_VERSION
+    },
+    source: {
+      path: file,
+      target: "source",
+      digest: computeDigest(sourceCanonicalBytes, "sha256")
+    },
+    targetProfile: targets,
+    outputs: outputEntries,
+    outputDigests: Object.fromEntries(outputEntries.map((output) => [output.path, output.digest])),
+    emittedScripts: emittedScripts(frontmatter),
+    emittedResources: outputEntries,
+    capabilitySummary: capabilitySummary(frontmatter),
+    signerIdentity: firstSignerIdentity(frontmatter),
+    warnings: warnings.map(({ code, message, severity }) => ({ code, message, severity }))
+  };
+}
+function compileCompatibilityWarnings(frontmatter, targets) {
+  const warnings = [];
+  const capabilities = capabilitySummary(frontmatter);
+  const warn = (code, message) => warnings.push({ ...diag(code, message), severity: "warning" });
+  if (frontmatter["allowed-tools"] !== void 0 && targets.some((target) => target !== "SKILL.md")) {
+    warn("compat.target_feature_loss", "allowed-tools is native only for SKILL.md and is moved to a vendor namespace for other targets");
+    warn("compat.script_permission_mismatch", "Compiled non-SKILL targets cannot enforce SKILL.md allowed-tools permissions directly");
+  }
+  if (capabilities.requires.network !== void 0)
+    warn("compat.network_degradation", "Markdown targets cannot enforce declared network capability requirements");
+  if (capabilities.requires.filesystem !== void 0)
+    warn("compat.filesystem_degradation", "Markdown targets cannot enforce declared filesystem capability requirements");
+  if (capabilities.requires.shell !== void 0 || capabilities.tools.some((tool) => /bash|shell/i.test(tool))) {
+    warn("compat.shell_degradation", "Markdown targets cannot enforce declared shell capability requirements");
+  }
+  if (capabilities.llmix) {
+    warn(
+      "compat.unsupported_runtime_policy",
+      "LLMix runtime policy must be enforced by LLMix deployment checks, not compiled Markdown alone"
+    );
+    warn("compat.llmix_namespace_not_consumed", "General Markdown runtimes do not consume metadata.snoai-llmix directly");
+  }
+  return warnings;
+}
+function capabilitySummary(frontmatter) {
+  const metadata = isRecord(frontmatter.metadata) ? frontmatter.metadata : {};
+  const mda = isRecord(metadata.mda) ? metadata.mda : {};
+  const requires = firstRecord(frontmatter.requires, mda.requires);
+  const dependsOn = Array.isArray(frontmatter["depends-on"]) ? frontmatter["depends-on"] : Array.isArray(mda["depends-on"]) ? mda["depends-on"] : [];
+  const tools = [
+    typeof frontmatter["allowed-tools"] === "string" ? frontmatter["allowed-tools"] : null,
+    ...stringArray(requires.tools)
+  ].filter((tool) => typeof tool === "string");
+  return {
+    requires,
+    dependsOnCount: dependsOn.length,
+    tools,
+    llmix: isRecord(metadata["snoai-llmix"])
+  };
+}
+function emittedScripts(frontmatter) {
+  const capabilities = capabilitySummary(frontmatter);
+  return capabilities.tools.filter((tool) => /bash|shell|python|node|tsx|ts-node/i.test(tool));
+}
+function firstSignerIdentity(frontmatter) {
+  if (!Array.isArray(frontmatter.signatures)) return null;
+  for (const signature of frontmatter.signatures) {
+    if (!isRecord(signature) || typeof signature.signer !== "string") continue;
+    return {
+      signer: signature.signer,
+      keyId: typeof signature.keyId === "string" ? signature.keyId : null,
+      payloadDigest: typeof signature["payload-digest"] === "string" ? signature["payload-digest"] : null
+    };
   }
-  if (!Array.isArray(artifact.extract.frontmatter.signatures) || artifact.extract.frontmatter.signatures.length === 0) {
-    return commandResult(false, "verify", EXIT.failure, [diag("missing-required-signature", "Verification requires signatures[]")], { file, target: targetResult.target, policy: policyPath });
+  return null;
+}
+function firstRecord(...values) {
+  for (const value of values) {
+    if (isRecord(value)) return value;
   }
-  return commandResult(false, "verify", EXIT.failure, [
-    diag("signature-verification-unavailable", "Integrity and policy shape were checked, but did:web/Sigstore cryptographic verification is not implemented in this MVP")
-  ], { file, target: targetResult.target, policy: policyPath });
+  return {};
 }
-function runSign(args) {
-  const parsed = parseOptions(args);
-  const err = unknownOptions(parsed, ["--method", "--key", "--identity", "--out", "--in-place"]);
-  if (err) return usage("sign", err);
-  if (parsed.positional.length !== 1) return usage("sign", "Expected one file: mda sign <file> --method did-web --key <path> --identity <domain> (--out <file>|--in-place)");
-  const method = oneOption(parsed.options, "--method");
-  if (method !== "did-web") return usage("sign", "--method did-web is required");
-  if (!oneOption(parsed.options, "--key")) return usage("sign", "--key <path> is required");
-  if (!oneOption(parsed.options, "--identity")) return usage("sign", "--identity <domain> is required");
-  const out = oneOption(parsed.options, "--out");
-  const inPlace = parsed.flags.has("--in-place");
-  if (out && inPlace || !out && !inPlace) return usage("sign", "Choose exactly one output mode: --out <file> or --in-place");
-  return commandResult(false, "sign", EXIT.failure, [
-    diag("signing-unavailable", "did:web signing is intentionally unavailable until deterministic verification fixtures are implemented")
-  ], { file: parsed.positional[0], method });
+function stringArray(value) {
+  return Array.isArray(value) ? value.filter((item) => typeof item === "string") : [];
 }
+
+// src/cli/conformance-command.ts
 function runConformance(args) {
   const parsed = parseOptions(args);
   const err = unknownOptions(parsed, ["--suite", "--level"]);
@@ -11280,6 +12292,21 @@ function runConformance(args) {
   if (level !== "V" && level !== "C") return usage("conformance", "--level must be V or C");
   const report = runConformanceSuite(suite, level);
   return commandResult(report.ok, "conformance", report.ok ? EXIT.ok : EXIT.failure, report.diagnostics, {
+    summary: report.ok ? `Conformance Level ${level} passed` : `Conformance Level ${level} failed`,
+    nextActions: report.ok && level === "V" ? [
+      nextAction(
+        "run-level-c",
+        "Run compile conformance before release evidence",
+        `mda conformance --suite ${suite} --level C`,
+        false
+      )
+    ] : report.ok ? [] : [
+      nextAction(
+        "fix-conformance",
+        "Fix failing fixtures and re-run conformance",
+        `mda conformance --suite ${suite} --level ${level}`
+      )
+    ],
     suite,
     level,
     passCount: report.passCount,
@@ -11288,6 +12315,2195 @@ function runConformance(args) {
   });
 }
 
+// src/cli/llmix-commands.ts
+import { existsSync as existsSync4, readdirSync as readdirSync2, realpathSync } from "node:fs";
+import { basename, dirname as dirname2, join as join2, relative as relative2, resolve as resolve3, sep } from "node:path";
+
+// src/cli/security-commands.ts
+import { createPrivateKey, createPublicKey, sign as cryptoSign, verify as cryptoVerify } from "node:crypto";
+import { existsSync as existsSync3, readFileSync as readFileSync2 } from "node:fs";
+function integrityPayloadBytes(integrity) {
+  return Buffer.from(jcs({ integrity: { algorithm: integrity.algorithm, digest: integrity.digest } }), "utf8");
+}
+function dssePae(payloadType, payload) {
+  return Buffer.concat([
+    Buffer.from(`DSSEv1 ${Buffer.byteLength(payloadType, "utf8")} ${payloadType} ${payload.length} `, "utf8"),
+    payload
+  ]);
+}
+function didWebDomainFromDid(did) {
+  if (!did.startsWith("did:web:")) return null;
+  const domain = did.slice("did:web:".length).split(":")[0];
+  if (!/^[A-Za-z0-9](?:[A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$/.test(domain)) return null;
+  return domain;
+}
+function signerDomain(signer) {
+  return signer.startsWith("did-web:") ? signer.slice("did-web:".length) : null;
+}
+function sigstoreIssuer(signer) {
+  return signer.startsWith("sigstore-oidc:") ? signer.slice("sigstore-oidc:".length) : null;
+}
+function keyAlgorithm(key) {
+  return key.asymmetricKeyType === "ed25519" ? "ed25519" : null;
+}
+function publicKeyFingerprint(key) {
+  return computeDigest(key.export({ format: "der", type: "spki" }), "sha256");
+}
+function policyAllowsDidWeb2(policy, domain) {
+  return isRecord(policy) && Array.isArray(policy.trustedSigners) && policy.trustedSigners.some((entry) => isRecord(entry) && entry.type === "did-web" && entry.domain === domain);
+}
+function policyAllowsSigstore2(policy, fixture) {
+  if (!isRecord(policy) || !Array.isArray(policy.trustedSigners)) return false;
+  return policy.trustedSigners.some((entry) => {
+    if (!isRecord(entry) || entry.type !== "sigstore-oidc") return false;
+    if (entry.issuer !== fixture.issuer || entry.subject !== fixture.subject) return false;
+    if (entry.repository !== void 0 && entry.repository !== fixture.repository) return false;
+    if (entry.workflow !== void 0 && entry.workflow !== fixture.workflow) return false;
+    if (entry.ref !== void 0 && entry.ref !== fixture.ref) return false;
+    if (entry.environment !== void 0 && entry.environment !== fixture.environment) return false;
+    if (entry.jobWorkflowRef !== void 0 && entry.jobWorkflowRef !== fixture.jobWorkflowRef) return false;
+    return true;
+  });
+}
+function trustPolicyDiagnostics(policy, diagnostics) {
+  if (!isRecord(policy) || !Array.isArray(policy.trustedSigners)) return diagnostics;
+  const hasEnvironmentOnlyGithubActions = policy.trustedSigners.some((entry) => {
+    if (!isRecord(entry) || entry.type !== "sigstore-oidc") return false;
+    if (entry.issuer !== GITHUB_ACTIONS_ISSUER || typeof entry.environment !== "string") return false;
+    const hasRefBinding = typeof entry.repository === "string" && typeof entry.workflow === "string" && typeof entry.ref === "string";
+    const hasJobWorkflowBinding = typeof entry.repository === "string" && typeof entry.jobWorkflowRef === "string";
+    return !hasRefBinding && !hasJobWorkflowBinding;
+  });
+  if (!hasEnvironmentOnlyGithubActions) return diagnostics;
+  return [
+    diag(
+      "trust_policy.environment_only_not_supported",
+      "GitHub Actions trust policy must bind repository and exact ref or jobWorkflowRef; environment alone is not supported"
+    ),
+    ...diagnostics
+  ];
+}
+function policyMentionsSigstoreIssuer(policy, issuer) {
+  return isRecord(policy) && Array.isArray(policy.trustedSigners) && policy.trustedSigners.some((entry) => isRecord(entry) && entry.type === "sigstore-oidc" && entry.issuer === issuer);
+}
+function trustPolicyMinSignatures(policy) {
+  return isRecord(policy) && Number.isInteger(policy.minSignatures) ? Number(policy.minSignatures) : 1;
+}
+function asSignatureEntry(value) {
+  if (!isRecord(value)) return null;
+  if (typeof value.signer !== "string") return null;
+  if (typeof value["key-id"] !== "string") return null;
+  if (typeof value["payload-digest"] !== "string") return null;
+  if (typeof value.algorithm !== "string") return null;
+  if (typeof value.signature !== "string") return null;
+  return value;
+}
+function payloadTypeDiagnostic(signature) {
+  if (signature["payload-type"] === void 0 || signature["payload-type"] === INTEGRITY_PAYLOAD_TYPE) return null;
+  return diag("signature.payload_type_mismatch", `Signature payload-type must be ${INTEGRITY_PAYLOAD_TYPE}`);
+}
+function verifySignatureEntries(signatures, integrity, policy, didDocumentPath, sigstoreFixturePath) {
+  const payload = integrityPayloadBytes(integrity);
+  const sigstoreFixture = sigstoreFixturePath ? readSigstoreFixture(sigstoreFixturePath, false) : null;
+  const trusted = /* @__PURE__ */ new Set();
+  const trustedSignerIdentities = [];
+  const rejectedTrusted = [];
+  for (const rawSignature of signatures) {
+    const signature = asSignatureEntry(rawSignature);
+    if (!signature) return { malformed: true, trusted, trustedSignerIdentities, rejectedTrusted };
+    const domain = signerDomain(signature.signer);
+    if (domain) {
+      if (!policyAllowsDidWeb2(policy, domain)) continue;
+      if (signature["payload-digest"] !== integrity.digest) {
+        rejectedTrusted.push(diag("signature.digest_mismatch", "Signature payload digest does not match the expected integrity digest"));
+        continue;
+      }
+      const payloadTypeError2 = payloadTypeDiagnostic(signature);
+      if (payloadTypeError2) {
+        rejectedTrusted.push(payloadTypeError2);
+        continue;
+      }
+      const keyResult = publicKeyFromDidDocument(didDocumentPath, signature["key-id"], `did:web:${domain}`);
+      if (!keyResult.ok) {
+        rejectedTrusted.push(...keyResult.diagnostics);
+        continue;
+      }
+      if (signature.algorithm !== keyAlgorithm(keyResult.key)) {
+        rejectedTrusted.push(
+          diag("signature.unsupported_algorithm", `Signature algorithm ${signature.algorithm} does not match the DID public key`)
+        );
+        continue;
+      }
+      const ok2 = cryptoVerify(null, dssePae(INTEGRITY_PAYLOAD_TYPE, payload), keyResult.key, Buffer.from(signature.signature, "base64"));
+      if (!ok2) {
+        rejectedTrusted.push(diag("signature.verification_failed", `Signature verification failed for ${signature["key-id"]}`));
+        continue;
+      }
+      const identityKey2 = `did-web:${domain}
+${keyResult.keyFingerprint}`;
+      if (!trusted.has(identityKey2)) {
+        trusted.add(identityKey2);
+        trustedSignerIdentities.push({
+          type: "did-web",
+          signer: `did-web:${domain}`,
+          keyId: keyResult.methodId,
+          payloadDigest: signature["payload-digest"]
+        });
+      }
+      continue;
+    }
+    const issuer = sigstoreIssuer(signature.signer);
+    if (!issuer || !policyMentionsSigstoreIssuer(policy, issuer)) continue;
+    if (signature["payload-digest"] !== integrity.digest) {
+      rejectedTrusted.push(diag("signature.digest_mismatch", "Signature payload digest does not match the expected integrity digest"));
+      continue;
+    }
+    const payloadTypeError = payloadTypeDiagnostic(signature);
+    if (payloadTypeError) {
+      rejectedTrusted.push(payloadTypeError);
+      continue;
+    }
+    if (!sigstoreFixture) {
+      rejectedTrusted.push(
+        diag("sigstore.fixture_required", "--offline-sigstore-fixture <path> is required for deterministic Sigstore verification")
+      );
+      continue;
+    }
+    if (!sigstoreFixture.ok) {
+      rejectedTrusted.push(...sigstoreFixture.diagnostics);
+      continue;
+    }
+    const fixture = sigstoreFixture.fixture;
+    if (fixture.issuer !== issuer || fixture.keyId !== signature["key-id"] || !policyAllowsSigstore2(policy, fixture)) {
+      rejectedTrusted.push(diag("sigstore.identity_mismatch", "Sigstore fixture identity does not match the signature and trust policy"));
+      continue;
+    }
+    const policyRekor = isRecord(policy) && isRecord(policy.rekor) ? policy.rekor : null;
+    if (!policyRekor || policyRekor.url !== fixture.rekor.url) {
+      rejectedTrusted.push(diag("rekor.policy_mismatch", "Trust policy Rekor URL does not match the Sigstore fixture"));
+      continue;
+    }
+    if (fixture.expectedPayloadDigest !== integrity.digest || fixture.rekor.payloadDigest !== integrity.digest) {
+      rejectedTrusted.push(
+        diag("sigstore.fixture_digest_mismatch", "Sigstore fixture digest does not match the expected integrity digest")
+      );
+      continue;
+    }
+    if (signature["rekor-log-id"] === void 0 || signature["rekor-log-index"] === void 0) {
+      rejectedTrusted.push(diag("rekor.evidence_missing", "Signature is missing required Rekor evidence"));
+      continue;
+    }
+    if (signature["rekor-log-id"] !== fixture.rekor.logId || signature["rekor-log-index"] !== fixture.rekor.logIndex) {
+      rejectedTrusted.push(diag("rekor.evidence_mismatch", "Signature Rekor evidence does not match the Sigstore fixture"));
+      continue;
+    }
+    let publicKey;
+    try {
+      publicKey = createPublicKey(fixture.publicKeyPem);
+    } catch (error) {
+      rejectedTrusted.push(diag("sigstore.fixture_invalid", error instanceof Error ? error.message : String(error)));
+      continue;
+    }
+    if (signature.algorithm !== fixture.algorithm || signature.algorithm !== keyAlgorithm(publicKey)) {
+      rejectedTrusted.push(diag("signature.unsupported_algorithm", "Signature algorithm does not match the Sigstore fixture public key"));
+      continue;
+    }
+    const ok = cryptoVerify(null, dssePae(INTEGRITY_PAYLOAD_TYPE, payload), publicKey, Buffer.from(signature.signature, "base64"));
+    if (!ok) {
+      rejectedTrusted.push(diag("signature.verification_failed", `Signature verification failed for ${signature["key-id"]}`));
+      continue;
+    }
+    const identityKey = `sigstore-oidc:${fixture.issuer}
+${fixture.subject}
+${signature["key-id"]}`;
+    if (!trusted.has(identityKey)) {
+      trusted.add(identityKey);
+      trustedSignerIdentities.push({
+        type: "sigstore-oidc",
+        signer: `sigstore-oidc:${fixture.issuer}`,
+        subject: fixture.subject,
+        keyId: signature["key-id"],
+        payloadDigest: signature["payload-digest"],
+        rekorLogId: fixture.rekor.logId,
+        rekorLogIndex: fixture.rekor.logIndex
+      });
+    }
+  }
+  return { malformed: false, trusted, trustedSignerIdentities, rejectedTrusted };
+}
+function readSigstoreFixture(path, requirePrivateKey) {
+  const read = readJson(path);
+  if (!read.ok) return { ok: false, diagnostics: [diag("sigstore.fixture_unavailable", read.message)] };
+  const value = read.value;
+  const errors = [];
+  const requireString = (name) => {
+    const field = isRecord(value) ? value[name] : void 0;
+    if (typeof field !== "string" || field.length === 0)
+      errors.push(diag("sigstore.fixture_invalid", `${name} must be a non-empty string`));
+    return typeof field === "string" ? field : "";
+  };
+  if (!isRecord(value)) {
+    return { ok: false, diagnostics: [diag("sigstore.fixture_invalid", "Sigstore fixture must be a JSON object")] };
+  }
+  const fixture = {
+    issuer: requireString("issuer"),
+    subject: requireString("subject"),
+    repository: requireString("repository"),
+    workflow: requireString("workflow"),
+    ref: requireString("ref"),
+    keyId: requireString("keyId"),
+    algorithm: "ed25519",
+    publicKeyPem: requireString("publicKeyPem"),
+    expectedPayloadDigest: requireString("expectedPayloadDigest"),
+    rekor: {
+      url: "",
+      logId: "",
+      logIndex: -1,
+      payloadDigest: ""
+    }
+  };
+  if (typeof value.environment === "string" && value.environment.length > 0) fixture.environment = value.environment;
+  if (typeof value.jobWorkflowRef === "string" && value.jobWorkflowRef.length > 0) fixture.jobWorkflowRef = value.jobWorkflowRef;
+  if (typeof value.privateKeyPem === "string" && value.privateKeyPem.length > 0) fixture.privateKeyPem = value.privateKeyPem;
+  if (value.algorithm !== "ed25519") errors.push(diag("sigstore.fixture_invalid", "algorithm must be ed25519"));
+  if (!GITHUB_REPOSITORY.test(fixture.repository)) errors.push(diag("sigstore.fixture_invalid", "repository must be owner/repo"));
+  if (!GITHUB_REF.test(fixture.ref)) errors.push(diag("sigstore.fixture_invalid", "ref must be an exact refs/heads/* or refs/tags/* ref"));
+  if (!DIGEST_PATTERN.test(fixture.expectedPayloadDigest))
+    errors.push(diag("sigstore.fixture_invalid", "expectedPayloadDigest must be a sha256/sha384/sha512 digest"));
+  if (requirePrivateKey && !fixture.privateKeyPem) errors.push(diag("sigstore.fixture_invalid", "privateKeyPem is required for signing"));
+  if (!isRecord(value.rekor)) {
+    errors.push(diag("sigstore.fixture_invalid", "rekor must be an object"));
+  } else {
+    fixture.rekor = {
+      url: typeof value.rekor.url === "string" ? value.rekor.url : "",
+      logId: typeof value.rekor.logId === "string" ? value.rekor.logId : "",
+      logIndex: Number(value.rekor.logIndex),
+      payloadDigest: typeof value.rekor.payloadDigest === "string" ? value.rekor.payloadDigest : ""
+    };
+    if (!fixture.rekor.url) errors.push(diag("sigstore.fixture_invalid", "rekor.url must be a non-empty string"));
+    if (!fixture.rekor.logId) errors.push(diag("sigstore.fixture_invalid", "rekor.logId must be a non-empty string"));
+    if (!Number.isInteger(fixture.rekor.logIndex) || fixture.rekor.logIndex < 0)
+      errors.push(diag("sigstore.fixture_invalid", "rekor.logIndex must be a non-negative integer"));
+    if (!DIGEST_PATTERN.test(fixture.rekor.payloadDigest))
+      errors.push(diag("sigstore.fixture_invalid", "rekor.payloadDigest must be a sha256/sha384/sha512 digest"));
+  }
+  return errors.length > 0 ? { ok: false, diagnostics: errors } : { ok: true, fixture };
+}
+function publicKeyFromDidDocument(didDocumentPath, keyId, expectedDid) {
+  if (!didDocumentPath) {
+    return {
+      ok: false,
+      diagnostics: [diag("did_web.document_unavailable", "--did-document <path> is required for local did:web verification")]
+    };
+  }
+  const document = readJson(didDocumentPath);
+  if (!document.ok) {
+    return { ok: false, diagnostics: [diag("did_web.document_unavailable", document.message)] };
+  }
+  if (!isRecord(document.value) || !Array.isArray(document.value.verificationMethod)) {
+    return { ok: false, diagnostics: [diag("did_web.document_invalid", "DID document must contain verificationMethod[]")] };
+  }
+  if (document.value.id !== expectedDid) {
+    return { ok: false, diagnostics: [diag("did_web.document_invalid", `DID document id must be ${expectedDid}`)] };
+  }
+  if (keyId.startsWith("did:") && !keyId.startsWith(`${expectedDid}#`)) {
+    return { ok: false, diagnostics: [diag("did_web.document_invalid", `DID key ${keyId} is not anchored to ${expectedDid}`)] };
+  }
+  const fragment = keyId.startsWith("#") ? keyId : keyId.includes("#") ? `#${keyId.split("#").pop()}` : keyId;
+  const fullKeyId = fragment.startsWith("#") ? `${expectedDid}${fragment}` : null;
+  const method = document.value.verificationMethod.find(
+    (entry) => isRecord(entry) && (entry.id === keyId || entry.id === fragment || entry.id === fullKeyId)
+  );
+  if (!isRecord(method)) {
+    return { ok: false, diagnostics: [diag("did_web.key_not_found", `DID document does not contain key id ${keyId}`)] };
+  }
+  if (typeof method.id !== "string" || !method.id.startsWith(`${expectedDid}#`) && !method.id.startsWith("#")) {
+    return { ok: false, diagnostics: [diag("did_web.document_invalid", `DID key ${keyId} is not anchored to ${expectedDid}`)] };
+  }
+  if (method.controller !== expectedDid) {
+    return { ok: false, diagnostics: [diag("did_web.document_invalid", `DID key ${keyId} controller must be ${expectedDid}`)] };
+  }
+  const methodId = method.id.startsWith("#") ? `${expectedDid}${method.id}` : method.id;
+  try {
+    if (isRecord(method.publicKeyJwk)) {
+      const key = createPublicKey({ key: method.publicKeyJwk, format: "jwk" });
+      return {
+        ok: true,
+        key,
+        methodId,
+        keyFingerprint: publicKeyFingerprint(key)
+      };
+    }
+    if (typeof method.publicKeyPem === "string") {
+      const key = createPublicKey(method.publicKeyPem);
+      return { ok: true, key, methodId, keyFingerprint: publicKeyFingerprint(key) };
+    }
+    return { ok: false, diagnostics: [diag("did_web.key_not_found", `DID key ${keyId} has no supported public key material`)] };
+  } catch (error) {
+    return { ok: false, diagnostics: [diag("did_web.key_invalid", error instanceof Error ? error.message : String(error))] };
+  }
+}
+function runVerify(args) {
+  const parsed = parseOptions(args);
+  const err = unknownOptions(parsed, ["--target", "--sidecar", "--policy", "--did-document", "--offline-sigstore-fixture", "--offline"]);
+  if (err) return usage("verify", err);
+  if (parsed.flags.has("--offline")) return usage("verify", "verify --offline is not a stable MVP option");
+  if (parsed.positional.length !== 1) return usage("verify", "Expected one file: mda verify <file> --policy <path>");
+  const policyPath = oneOption(parsed.options, "--policy");
+  if (!policyPath) return usage("verify", "--policy <path> is required");
+  const file = parsed.positional[0];
+  const requestedTarget = parseTarget(oneOption(parsed.options, "--target") ?? "auto");
+  if (!requestedTarget) return usage("verify", "--target must be source, SKILL.md, AGENTS.md, MCP-SERVER.md, or auto");
+  const targetResult = resolveTarget(file, requestedTarget);
+  if (!targetResult.ok) return targetResult.result("verify", file);
+  const policy = readJson(policyPath);
+  if (!policy.ok) return ioError("verify", policy.message, { file, policy: policyPath });
+  const policyValidation = validateJsonAgainst(policy.value, "trustPolicy");
+  if (!policyValidation.ok)
+    return commandResult(false, "verify", EXIT.failure, trustPolicyDiagnostics(policy.value, policyValidation.diagnostics), {
+      file,
+      policy: policyPath
+    });
+  const validation = validateArtifact(file, targetResult.target);
+  if (!validation.ok)
+    return commandResult(false, "verify", EXIT.failure, validation.diagnostics, { file, target: targetResult.target, policy: policyPath });
+  const integrityArgs = ["verify", file, "--target", targetResult.target];
+  const sidecar = oneOption(parsed.options, "--sidecar");
+  if (sidecar) integrityArgs.push("--sidecar", sidecar);
+  const integrity = runIntegrity(integrityArgs);
+  if (!integrity.ok)
+    return commandResult(false, "verify", EXIT.failure, integrity.diagnostics, { file, target: targetResult.target, policy: policyPath });
+  const signedArtifact = readArtifact(file);
+  if (!signedArtifact.ok || signedArtifact.extract.kind !== "ok" || !isRecord(signedArtifact.extract.frontmatter)) {
+    return commandResult(false, "verify", EXIT.failure, [diag("missing-required-frontmatter", "Verification requires frontmatter")], {
+      file,
+      target: targetResult.target,
+      policy: policyPath
+    });
+  }
+  if (!Array.isArray(signedArtifact.extract.frontmatter.signatures) || signedArtifact.extract.frontmatter.signatures.length === 0) {
+    return commandResult(false, "verify", EXIT.failure, [diag("missing-required-signature", "Verification requires signatures[]")], {
+      file,
+      target: targetResult.target,
+      policy: policyPath
+    });
+  }
+  const integrityField = signedArtifact.extract.frontmatter.integrity;
+  if (!isRecord(integrityField) || typeof integrityField.algorithm !== "string" || typeof integrityField.digest !== "string") {
+    return commandResult(false, "verify", EXIT.failure, [diag("missing-required-integrity", "Verification requires integrity")], {
+      file,
+      target: targetResult.target,
+      policy: policyPath
+    });
+  }
+  const didDocumentPath = oneOption(parsed.options, "--did-document");
+  const sigstoreFixturePath = oneOption(parsed.options, "--offline-sigstore-fixture");
+  const signatureVerification = verifySignatureEntries(
+    signedArtifact.extract.frontmatter.signatures,
+    { algorithm: integrityField.algorithm, digest: integrityField.digest },
+    policy.value,
+    didDocumentPath,
+    sigstoreFixturePath
+  );
+  if (signatureVerification.malformed) {
+    return commandResult(false, "verify", EXIT.failure, [diag("signature.invalid_entry", "Signature entry is malformed")], {
+      file,
+      target: targetResult.target,
+      policy: policyPath
+    });
+  }
+  const { trusted, trustedSignerIdentities, rejectedTrusted } = signatureVerification;
+  if (trusted.size === 0) {
+    const hasSigstoreRejection = rejectedTrusted.some((d) => d.code.startsWith("sigstore.") || d.code.startsWith("rekor."));
+    return commandResult(
+      false,
+      "verify",
+      EXIT.failure,
+      rejectedTrusted.length > 0 ? rejectedTrusted : [diag("no-trusted-signature", "no signature matched the trust policy")],
+      {
+        summary: rejectedTrusted.length > 0 ? "No trusted signature could be verified" : "No trusted signature matched the policy",
+        nextActions: rejectedTrusted.length > 0 ? hasSigstoreRejection ? [
+          nextAction(
+            "provide-sigstore-fixture",
+            "Provide the explicit Sigstore/Rekor fixture matching this release identity",
+            `mda verify ${file} --policy ${policyPath} --offline-sigstore-fixture <sigstore-fixture.json>`
+          )
+        ] : [
+          nextAction(
+            "fix-did-document",
+            "Provide the DID document containing the signature key",
+            `mda verify ${file} --policy ${policyPath} --did-document <did-document.json>`
+          )
+        ] : [
+          nextAction(
+            "sign-with-trusted-identity",
+            "Sign the artifact with a did:web identity allowed by the policy",
+            `mda sign ${file} --profile did-web --did did:web:<domain> --key-id did:web:<domain>#<key> --key-file <private-key> --out signed.mda`
+          )
+        ],
+        file,
+        target: targetResult.target,
+        policy: policyPath,
+        rejectedSignatures: rejectedTrusted.length
+      }
+    );
+  }
+  const minSignatures = trustPolicyMinSignatures(policy.value);
+  if (trusted.size < minSignatures) {
+    return commandResult(
+      false,
+      "verify",
+      EXIT.failure,
+      [diag("insufficient-trusted-signatures", `${trusted.size} trusted signer identities < ${minSignatures}`)],
+      {
+        summary: "Trusted signature threshold was not met",
+        nextActions: [
+          nextAction(
+            "add-signatures",
+            "Add enough trusted signatures to satisfy minSignatures",
+            `mda sign ${file} --profile did-web --did did:web:<domain> --key-id did:web:<domain>#<key> --key-file <private-key> --out signed.mda`
+          )
+        ],
+        file,
+        target: targetResult.target,
+        policy: policyPath,
+        trustedSignatures: trusted.size,
+        rejectedSignatures: rejectedTrusted.length,
+        minSignatures,
+        trustedSignerIdentities
+      }
+    );
+  }
+  return commandResult(true, "verify", EXIT.ok, [], {
+    summary: "Signature verification passed",
+    artifacts: [artifact("verified-signature", file, targetResult.target, String(integrityField.digest))],
+    nextActions: [
+      externalNextAction(
+        "publish-artifact",
+        "Use this verified artifact in the release flow",
+        "continue to release-plan or trust-manifest generation",
+        false
+      )
+    ],
+    message: `verified ${trusted.size} trusted signature(s)`,
+    file,
+    target: targetResult.target,
+    policy: policyPath,
+    trustedSignatures: trusted.size,
+    rejectedSignatures: rejectedTrusted.length,
+    minSignatures,
+    trustedSignerIdentities,
+    payloadDigest: integrityField.digest
+  });
+}
+function runSign(args) {
+  const parsed = parseOptions(args);
+  const err = unknownOptions(parsed, [
+    "--target",
+    "--sidecar",
+    "--profile",
+    "--did",
+    "--key-id",
+    "--key-file",
+    "--method",
+    "--key",
+    "--identity",
+    "--repo",
+    "--workflow",
+    "--ref",
+    "--offline-sigstore-fixture",
+    "--out",
+    "--in-place",
+    "--rekor"
+  ]);
+  if (err) return usage("sign", err);
+  if (parsed.positional.length !== 1)
+    return usage(
+      "sign",
+      "Expected one file: mda sign <file> --profile did-web --did <did> --key-id <key-id> --key-file <path> (--out <file>|--in-place)"
+    );
+  const file = parsed.positional[0];
+  const profile = oneOption(parsed.options, "--profile");
+  const method = oneOption(parsed.options, "--method");
+  if (profile === "github-actions") return runGithubActionsSign(parsed);
+  if (profile && profile !== "did-web") return usage("sign", `Unsupported signing profile: ${profile}`);
+  if (method && method !== "did-web") return usage("sign", "--method did-web is the only compatibility alias");
+  if (!profile && !method) return usage("sign", "--profile did-web is required");
+  if (parsed.options.has("--repo") || parsed.options.has("--workflow") || parsed.options.has("--ref") || parsed.options.has("--offline-sigstore-fixture") || parsed.flags.has("--rekor")) {
+    return usage("sign", "GitHub Actions signing options require --profile github-actions");
+  }
+  const identity = oneOption(parsed.options, "--identity");
+  const did = oneOption(parsed.options, "--did") ?? (identity ? `did:web:${identity}` : null);
+  if (!did) return usage("sign", "--did <did> is required");
+  const domain = didWebDomainFromDid(did);
+  if (!domain) return usage("sign", "--did must be a did:web DID with a valid domain");
+  const keyId = oneOption(parsed.options, "--key-id") ?? `${did}#default`;
+  const keyFile = oneOption(parsed.options, "--key-file") ?? oneOption(parsed.options, "--key");
+  if (!keyFile)
+    return commandResult(false, "sign", EXIT.usage, [diag("did_web.key_input_missing", "--key-file <path> is required")], {
+      summary: "sign usage error",
+      nextActions: [
+        nextAction(
+          "provide-did-web-key",
+          "Provide the explicit did:web private key file",
+          `mda sign ${file} --profile did-web --did ${did} --key-id ${keyId} --key-file <private-key> --out signed.mda`
+        )
+      ],
+      file,
+      written: false
+    });
+  const out = oneOption(parsed.options, "--out");
+  const inPlace = parsed.flags.has("--in-place");
+  if (out && inPlace || !out && !inPlace) return usage("sign", "Choose exactly one output mode: --out <file> or --in-place");
+  if (out && existsSync3(out)) return ioError("sign", `Refusing to overwrite existing file: ${out}`, { file, out, written: false });
+  const requestedTarget = parseTarget(oneOption(parsed.options, "--target") ?? "auto");
+  if (!requestedTarget) return usage("sign", "--target must be source, SKILL.md, AGENTS.md, MCP-SERVER.md, or auto");
+  const targetResult = resolveTarget(file, requestedTarget);
+  if (!targetResult.ok) return targetResult.result("sign", file);
+  const sidecar = oneOption(parsed.options, "--sidecar");
+  const integrityArgs = ["verify", file, "--target", targetResult.target];
+  if (sidecar) integrityArgs.push("--sidecar", sidecar);
+  const integrityResult = runIntegrity(integrityArgs);
+  if (!integrityResult.ok) {
+    return commandResult(false, "sign", EXIT.failure, integrityResult.diagnostics, {
+      summary: "Signing requires valid recorded integrity",
+      nextActions: [
+        nextAction(
+          "write-integrity",
+          "Record integrity before signing",
+          `mda integrity compute ${file} --target ${targetResult.target} --write`
+        )
+      ],
+      file,
+      target: targetResult.target,
+      written: false
+    });
+  }
+  const input = readArtifact(file);
+  if (!input.ok || input.extract.kind !== "ok" || !isRecord(input.extract.frontmatter)) {
+    return commandResult(false, "sign", EXIT.failure, [diag("missing-required-frontmatter", "Signing requires frontmatter")], {
+      file,
+      target: targetResult.target,
+      written: false
+    });
+  }
+  const integrity = input.extract.frontmatter.integrity;
+  if (!isRecord(integrity) || typeof integrity.digest !== "string") {
+    return commandResult(false, "sign", EXIT.failure, [diag("missing-required-integrity", "Signing requires integrity")], {
+      file,
+      target: targetResult.target,
+      written: false
+    });
+  }
+  if (input.extract.frontmatter.signatures !== void 0 && !Array.isArray(input.extract.frontmatter.signatures)) {
+    return commandResult(false, "sign", EXIT.failure, [diag("signature.invalid_entry", "Existing signatures must be an array")], {
+      file,
+      target: targetResult.target,
+      written: false
+    });
+  }
+  let privateKey;
+  try {
+    privateKey = createPrivateKey(readFileSync2(keyFile));
+  } catch (error) {
+    return ioError("sign", error instanceof Error ? error.message : String(error), { file, keyFile, written: false });
+  }
+  const algorithm = keyAlgorithm(privateKey);
+  if (!algorithm) {
+    return commandResult(
+      false,
+      "sign",
+      EXIT.failure,
+      [diag("signature.unsupported_algorithm", "Only Ed25519 did:web keys are supported in this release")],
+      { file, keyFile, written: false }
+    );
+  }
+  const payload = integrityPayloadBytes(integrity);
+  const signatureBytes = cryptoSign(null, dssePae(INTEGRITY_PAYLOAD_TYPE, payload), privateKey);
+  const signature = {
+    signer: `did-web:${domain}`,
+    "key-id": keyId,
+    "payload-digest": integrity.digest,
+    algorithm,
+    signature: signatureBytes.toString("base64"),
+    "payload-type": INTEGRITY_PAYLOAD_TYPE
+  };
+  const frontmatter = {
+    ...input.extract.frontmatter,
+    signatures: [...Array.isArray(input.extract.frontmatter.signatures) ? input.extract.frontmatter.signatures : [], signature]
+  };
+  const destination = inPlace ? file : out;
+  try {
+    if (inPlace) atomicReplace(file, renderArtifact(frontmatter, input.extract.body));
+    else atomicWrite(destination, renderArtifact(frontmatter, input.extract.body));
+  } catch (error) {
+    return ioError("sign", error instanceof Error ? error.message : String(error), { file, out: destination, written: false });
+  }
+  return commandResult(true, "sign", EXIT.ok, [], {
+    summary: "did:web signature written",
+    artifacts: [artifact("signed-artifact", destination, targetResult.target, String(integrity.digest))],
+    nextActions: [
+      nextAction(
+        "verify-signature",
+        "Verify the signed artifact with a trust policy",
+        `mda verify ${destination} --policy <policy.json> --did-document <did-document.json>`
+      )
+    ],
+    message: `signed ${destination}`,
+    file,
+    target: targetResult.target,
+    profile: "did-web",
+    signer: `did-web:${domain}`,
+    keyId,
+    payloadDigest: integrity.digest,
+    out: destination,
+    written: true
+  });
+}
+function runGithubActionsSign(parsed) {
+  if (parsed.options.has("--method") || parsed.options.has("--did") || parsed.options.has("--key-id") || parsed.options.has("--key-file") || parsed.options.has("--key") || parsed.options.has("--identity")) {
+    return usage("sign", "did:web signing options cannot be combined with --profile github-actions");
+  }
+  const file = parsed.positional[0];
+  const repo = oneOption(parsed.options, "--repo");
+  const workflow = oneOption(parsed.options, "--workflow");
+  const ref = oneOption(parsed.options, "--ref");
+  const fixturePath = oneOption(parsed.options, "--offline-sigstore-fixture");
+  if (!repo || !GITHUB_REPOSITORY.test(repo)) return usage("sign", "--repo must be a GitHub repository in owner/repo form");
+  if (!workflow || workflow.trim() !== workflow || workflow.length === 0)
+    return usage("sign", "--workflow must be a non-empty workflow file or identity");
+  if (!ref || !GITHUB_REF.test(ref)) return usage("sign", "--ref must be an exact Git ref such as refs/heads/main or refs/tags/v1.1.0");
+  if (!parsed.flags.has("--rekor")) return usage("sign", "--rekor is required for --profile github-actions");
+  if (!fixturePath) return usage("sign", "--offline-sigstore-fixture <path> is required for --profile github-actions");
+  const out = oneOption(parsed.options, "--out");
+  const inPlace = parsed.flags.has("--in-place");
+  if (out && inPlace || !out && !inPlace) return usage("sign", "Choose exactly one output mode: --out <file> or --in-place");
+  if (out && existsSync3(out)) return ioError("sign", `Refusing to overwrite existing file: ${out}`, { file, out, written: false });
+  const requestedTarget = parseTarget(oneOption(parsed.options, "--target") ?? "auto");
+  if (!requestedTarget) return usage("sign", "--target must be source, SKILL.md, AGENTS.md, MCP-SERVER.md, or auto");
+  const targetResult = resolveTarget(file, requestedTarget);
+  if (!targetResult.ok) return targetResult.result("sign", file);
+  const sidecar = oneOption(parsed.options, "--sidecar");
+  const integrityArgs = ["verify", file, "--target", targetResult.target];
+  if (sidecar) integrityArgs.push("--sidecar", sidecar);
+  const integrityResult = runIntegrity(integrityArgs);
+  if (!integrityResult.ok) {
+    return commandResult(false, "sign", EXIT.failure, integrityResult.diagnostics, {
+      summary: "Signing requires valid recorded integrity",
+      nextActions: [
+        nextAction(
+          "write-integrity",
+          "Record integrity before signing",
+          `mda integrity compute ${file} --target ${targetResult.target} --write`
+        )
+      ],
+      file,
+      target: targetResult.target,
+      written: false
+    });
+  }
+  const input = readArtifact(file);
+  if (!input.ok || input.extract.kind !== "ok" || !isRecord(input.extract.frontmatter)) {
+    return commandResult(false, "sign", EXIT.failure, [diag("missing-required-frontmatter", "Signing requires frontmatter")], {
+      file,
+      target: targetResult.target,
+      written: false
+    });
+  }
+  const integrity = input.extract.frontmatter.integrity;
+  if (!isRecord(integrity) || typeof integrity.digest !== "string") {
+    return commandResult(false, "sign", EXIT.failure, [diag("missing-required-integrity", "Signing requires integrity")], {
+      file,
+      target: targetResult.target,
+      written: false
+    });
+  }
+  if (input.extract.frontmatter.signatures !== void 0 && !Array.isArray(input.extract.frontmatter.signatures)) {
+    return commandResult(false, "sign", EXIT.failure, [diag("signature.invalid_entry", "Existing signatures must be an array")], {
+      file,
+      target: targetResult.target,
+      written: false
+    });
+  }
+  const fixtureResult = readSigstoreFixture(fixturePath, true);
+  if (!fixtureResult.ok) {
+    return commandResult(false, "sign", EXIT.failure, fixtureResult.diagnostics, {
+      summary: "Sigstore fixture is invalid",
+      file,
+      target: targetResult.target,
+      fixture: fixturePath,
+      written: false
+    });
+  }
+  const fixture = fixtureResult.fixture;
+  const expectedSubject = `repo:${repo}:ref:${ref}`;
+  if (fixture.issuer !== GITHUB_ACTIONS_ISSUER || fixture.subject !== expectedSubject || fixture.repository !== repo || fixture.workflow !== workflow || fixture.ref !== ref) {
+    return commandResult(
+      false,
+      "sign",
+      EXIT.failure,
+      [diag("sigstore.identity_mismatch", "Sigstore fixture identity does not match the requested GitHub Actions release identity")],
+      { file, target: targetResult.target, fixture: fixturePath, written: false }
+    );
+  }
+  if (fixture.expectedPayloadDigest !== integrity.digest || fixture.rekor.payloadDigest !== integrity.digest) {
+    return commandResult(
+      false,
+      "sign",
+      EXIT.failure,
+      [diag("sigstore.fixture_digest_mismatch", "Sigstore fixture digest does not match artifact integrity digest")],
+      { file, target: targetResult.target, fixture: fixturePath, written: false }
+    );
+  }
+  let privateKey;
+  let publicKey;
+  try {
+    privateKey = createPrivateKey(fixture.privateKeyPem);
+    publicKey = createPublicKey(fixture.publicKeyPem);
+  } catch (error) {
+    return commandResult(
+      false,
+      "sign",
+      EXIT.failure,
+      [diag("sigstore.fixture_invalid", error instanceof Error ? error.message : String(error))],
+      {
+        file,
+        target: targetResult.target,
+        fixture: fixturePath,
+        written: false
+      }
+    );
+  }
+  if (keyAlgorithm(privateKey) !== fixture.algorithm || keyAlgorithm(publicKey) !== fixture.algorithm) {
+    return commandResult(
+      false,
+      "sign",
+      EXIT.failure,
+      [diag("signature.unsupported_algorithm", "Only Ed25519 GitHub Actions fixture keys are supported in this release")],
+      { file, target: targetResult.target, fixture: fixturePath, written: false }
+    );
+  }
+  const payload = integrityPayloadBytes(integrity);
+  const signatureBytes = cryptoSign(null, dssePae(INTEGRITY_PAYLOAD_TYPE, payload), privateKey);
+  if (!cryptoVerify(null, dssePae(INTEGRITY_PAYLOAD_TYPE, payload), publicKey, signatureBytes)) {
+    return commandResult(
+      false,
+      "sign",
+      EXIT.failure,
+      [diag("sigstore.fixture_invalid", "Sigstore fixture public key does not match private key")],
+      {
+        file,
+        target: targetResult.target,
+        fixture: fixturePath,
+        written: false
+      }
+    );
+  }
+  const signature = {
+    signer: `sigstore-oidc:${fixture.issuer}`,
+    "key-id": fixture.keyId,
+    "payload-digest": integrity.digest,
+    algorithm: fixture.algorithm,
+    signature: signatureBytes.toString("base64"),
+    "payload-type": INTEGRITY_PAYLOAD_TYPE,
+    "rekor-log-id": fixture.rekor.logId,
+    "rekor-log-index": fixture.rekor.logIndex
+  };
+  const frontmatter = {
+    ...input.extract.frontmatter,
+    signatures: [...Array.isArray(input.extract.frontmatter.signatures) ? input.extract.frontmatter.signatures : [], signature]
+  };
+  const destination = inPlace ? file : out;
+  try {
+    if (inPlace) atomicReplace(file, renderArtifact(frontmatter, input.extract.body));
+    else atomicWrite(destination, renderArtifact(frontmatter, input.extract.body));
+  } catch (error) {
+    return ioError("sign", error instanceof Error ? error.message : String(error), { file, out: destination, written: false });
+  }
+  return commandResult(true, "sign", EXIT.ok, [], {
+    summary: "GitHub Actions Sigstore/Rekor signature written",
+    artifacts: [artifact("signed-artifact", destination, targetResult.target, String(integrity.digest))],
+    nextActions: [
+      nextAction(
+        "verify-github-actions-signature",
+        "Verify the signed release artifact with the pinned trust policy and fixture",
+        `mda verify ${destination} --policy <policy.json> --offline-sigstore-fixture ${fixturePath}`
+      )
+    ],
+    message: `signed ${destination}`,
+    file,
+    target: targetResult.target,
+    profile: "github-actions",
+    signer: `sigstore-oidc:${fixture.issuer}`,
+    keyId: fixture.keyId,
+    payloadDigest: integrity.digest,
+    rekorLogId: fixture.rekor.logId,
+    rekorLogIndex: fixture.rekor.logIndex,
+    out: destination,
+    written: true
+  });
+}
+
+// src/cli/llmix-commands.ts
+var LLMIX_REGISTRY_TARGET = "llmix-registry";
+function runLlmix(args) {
+  return migratedCommand("llmix", llmixMigrationReplacement(args));
+}
+function runRelease(args) {
+  if (args[0] === "trust" && args[1] === "policy") return runLlmixTrustPolicy(args.slice(2), "release trust policy");
+  if (args[0] === "prepare") return runLlmixReleasePlan(args.slice(1), "release prepare");
+  if (args[0] === "finalize") {
+    if (args.includes("--manifest") || args.includes("--snippet-format") || args.includes("--snippet-out")) {
+      return runLlmixTrustSnippets(args.slice(1), "release finalize");
+    }
+    return runLlmixTrustManifest(args.slice(1), "release finalize");
+  }
+  return usage(
+    "release",
+    "Expected subcommand: release trust policy --target llmix-registry | release prepare --target llmix-registry | release finalize --target llmix-registry"
+  );
+}
+function runLlmixTrustPolicy(args, command = "release trust policy") {
+  const parsed = parseOptions(args);
+  const err = unknownOptions(parsed, ["--target", "--profile", "--domain", "--min-signatures", "--out", "--repo", "--workflow", "--ref"]);
+  if (err) return usage(command, err);
+  const targetErr = releaseTargetError(command, parsed);
+  if (targetErr) return targetErr;
+  if (parsed.positional.length !== 0) return usage(command, `${command} takes no positional arguments`);
+  const profile = oneOption(parsed.options, "--profile");
+  if (!profile) return usage(command, "--profile <profile> is required");
+  if (profile === "did-web") return runDidWebTrustPolicy(parsed.options, command);
+  if (profile === "github-actions") return runGithubActionsTrustPolicy(parsed.options, command);
+  return commandResult(
+    false,
+    command,
+    EXIT.failure,
+    [diag("trust_policy.unsupported_profile", `Unsupported trust policy profile: ${profile}`)],
+    {
+      summary: "Trust policy profile is not supported",
+      nextActions: [
+        nextAction(
+          "use-did-web-policy-profile",
+          "Use did:web for local deterministic signing",
+          "mda release trust policy --target llmix-registry --profile did-web --domain example.com --out release-trust-policy.json"
+        ),
+        nextAction(
+          "use-github-actions-policy-profile",
+          "Use GitHub Actions Sigstore/Rekor for CI release signing",
+          "mda release trust policy --target llmix-registry --profile github-actions --repo owner/repo --workflow release.yml --ref refs/heads/main --out release-trust-policy.json"
+        )
+      ]
+    }
+  );
+}
+function runLlmixReleasePlan(args, command = "release prepare") {
+  const parsed = parseOptions(args);
+  const err = unknownOptions(parsed, [
+    "--target",
+    "--source",
+    "--registry-dir",
+    "--policy",
+    "--out",
+    "--did-document",
+    "--offline-sigstore-fixture"
+  ]);
+  if (err) return usage(command, err);
+  const targetErr = releaseTargetError(command, parsed);
+  if (targetErr) return targetErr;
+  if (parsed.positional.length !== 0) return usage(command, `${command} takes no positional arguments`);
+  const sourceDir = oneOption(parsed.options, "--source");
+  const registryDir = oneOption(parsed.options, "--registry-dir");
+  const policyPath = oneOption(parsed.options, "--policy");
+  const out = oneOption(parsed.options, "--out");
+  if (!sourceDir) return usage(command, "--source <dir> is required");
+  if (!registryDir) return usage(command, "--registry-dir <dir> is required");
+  if (!policyPath) return usage(command, "--policy <path> is required");
+  if (!out) return usage(command, "--out <file> is required");
+  if (existsSync4(out))
+    return ioError(command, `Refusing to overwrite existing file: ${out}`, { sourceDir, registryDir, policy: policyPath });
+  const policy = readJson(policyPath);
+  if (!policy.ok) return ioError(command, policy.message, { sourceDir, registryDir, policy: policyPath });
+  const policyValidation = validateJsonAgainst(policy.value, "trustPolicy");
+  if (!policyValidation.ok)
+    return commandResult(false, command, EXIT.failure, policyValidation.diagnostics, {
+      sourceDir,
+      registryDir,
+      policy: policyPath
+    });
+  const sourceRoot = resolve3(sourceDir);
+  const scanned = scanMdaSources(sourceRoot);
+  if (!scanned.ok) return ioError(command, scanned.message, { sourceDir, registryDir, policy: policyPath });
+  if (scanned.files.length === 0) {
+    return commandResult(false, command, EXIT.failure, [diag("llmix.no_sources", "No .mda sources found under --source")], {
+      summary: "Release prepare blocked",
+      nextActions: [
+        nextAction(
+          "add-llmix-source",
+          "Add signed LLMix .mda preset sources and retry",
+          `mda release prepare --target llmix-registry --source ${sourceDir} --registry-dir ${registryDir} --policy ${policyPath} --out ${out}`
+        )
+      ],
+      sourceDir,
+      registryDir,
+      policy: policyPath,
+      written: false
+    });
+  }
+  const diagnostics = [];
+  const sources = [];
+  const plannedRegistryEntries = /* @__PURE__ */ new Map();
+  const didDocument = oneOption(parsed.options, "--did-document");
+  const sigstoreFixture = oneOption(parsed.options, "--offline-sigstore-fixture");
+  for (const file of scanned.files) {
+    const sourceRelativePath = relativePath(sourceRoot, file);
+    const validation = validateArtifact(file, "source");
+    if (!validation.ok) {
+      diagnostics.push(...validation.diagnostics.map((d) => ({ ...d, path: file })));
+      continue;
+    }
+    const integrity = runIntegrity(["verify", file, "--target", "source"]);
+    if (!integrity.ok) {
+      diagnostics.push(...integrity.diagnostics.map((d) => ({ ...d, path: file })));
+      continue;
+    }
+    const verifyArgs = [file, "--target", "source", "--policy", policyPath];
+    if (didDocument) verifyArgs.push("--did-document", didDocument);
+    if (sigstoreFixture) verifyArgs.push("--offline-sigstore-fixture", sigstoreFixture);
+    const verified = runVerify(verifyArgs);
+    if (!verified.ok) {
+      diagnostics.push(...verified.diagnostics.map((d) => ({ ...d, path: file })));
+      continue;
+    }
+    const artifactRead = readArtifact(file);
+    if (!artifactRead.ok || artifactRead.extract.kind !== "ok" || !isRecord(artifactRead.extract.frontmatter)) {
+      diagnostics.push(diag("llmix.source_unreadable", "Source frontmatter could not be read after verification", { path: file }));
+      continue;
+    }
+    const identity = llmixPresetIdentity(artifactRead.extract.frontmatter);
+    if (!identity) {
+      diagnostics.push(
+        diag("llmix.release_identity_missing", "Source is missing a valid metadata.snoai-llmix module and preset", { path: file })
+      );
+      continue;
+    }
+    const canonical = canonicalizeFromFile(file, "source", null);
+    if (!canonical.ok) {
+      diagnostics.push(...canonical.diagnostics.map((d) => ({ ...d, path: file })));
+      continue;
+    }
+    const signerIdentity = firstTrustedSignerIdentity(verified.trustedSignerIdentities);
+    if (!signerIdentity) {
+      diagnostics.push(
+        diag("trust_policy.no_trusted_signature", "Verified source did not return a trusted signer identity", { path: file })
+      );
+      continue;
+    }
+    const expectedRegistryEntryIdentity = `${identity.module}/${identity.preset}`;
+    const existingSourcePath = plannedRegistryEntries.get(expectedRegistryEntryIdentity);
+    if (existingSourcePath) {
+      diagnostics.push(
+        diag(
+          "llmix.duplicate_registry_entry",
+          `Multiple sources target registry entry ${expectedRegistryEntryIdentity}; first source is ${existingSourcePath}`,
+          { path: file }
+        )
+      );
+      continue;
+    }
+    plannedRegistryEntries.set(expectedRegistryEntryIdentity, sourceRelativePath);
+    sources.push({
+      module: identity.module,
+      preset: identity.preset,
+      sourcePath: sourceRelativePath,
+      canonicalSourceDigest: computeDigest(canonical.bytes, "sha256"),
+      signaturePayloadDigest: signerIdentity.payloadDigest,
+      signerIdentity,
+      expectedRegistryEntryIdentity,
+      expectedRegistryEntryPath: `${identity.module}/${identity.preset}.json`
+    });
+  }
+  if (diagnostics.length > 0) {
+    return commandResult(false, command, EXIT.failure, diagnostics, {
+      summary: "Release prepare blocked",
+      nextActions: [
+        nextAction(
+          "fix-source-validation",
+          "Fix validation, integrity, and signature diagnostics before release planning",
+          `mda validate <source.mda> --target source`
+        ),
+        nextAction(
+          "verify-source-signature",
+          "Verify each signed preset with the selected trust policy",
+          `mda verify <signed.mda> --target source --policy ${policyPath}`
+        )
+      ],
+      sourceDir,
+      registryDir,
+      policy: policyPath,
+      sourceCount: scanned.files.length,
+      written: false
+    });
+  }
+  sources.sort(
+    (left, right) => String(left.expectedRegistryEntryIdentity).localeCompare(String(right.expectedRegistryEntryIdentity)) || String(left.sourcePath).localeCompare(String(right.sourcePath))
+  );
+  const sourceSetDigest = computeDigest(Buffer.from(jcs({ sources }), "utf8"), "sha256");
+  const releasePlan = {
+    version: 1,
+    kind: "llmix-release-plan",
+    sourceDir,
+    registryDir,
+    policy: policyPath,
+    sourceSetDigest,
+    sources,
+    checklist: [
+      { id: "source-validation", ok: true, count: sources.length },
+      { id: "integrity-verification", ok: true, count: sources.length },
+      { id: "signature-verification", ok: true, count: sources.length },
+      {
+        id: "registry-publish",
+        ok: false,
+        external: true,
+        reason: "Publish with LLMix trustedRuntime=true using this verified source set."
+      }
+    ],
+    publish: {
+      external: true,
+      trustedRuntime: true,
+      next: "Run the LLMix registry publisher with this verified source set, then sign the registry root before generating the trust manifest."
+    }
+  };
+  try {
+    atomicWrite(out, `${JSON.stringify(releasePlan, null, 2)}
+`);
+  } catch (error) {
+    return ioError(command, error instanceof Error ? error.message : String(error), {
+      sourceDir,
+      registryDir,
+      policy: policyPath,
+      out,
+      written: false
+    });
+  }
+  return commandResult(true, command, EXIT.ok, [], {
+    summary: `Prepared LLMix registry release plan for ${sources.length} source(s)`,
+    artifacts: [artifact("llmix-release-plan", out, void 0, sourceSetDigest)],
+    nextActions: [
+      externalNextAction(
+        "publish-llmix-registry",
+        "Publish the verified source set with LLMix trustedRuntime=true",
+        "use the LLMix registry publisher, then sign the registry root"
+      ),
+      externalNextAction(
+        "prepare-trust-manifest-inputs",
+        "After registry publication, collect the signed registry root and root trust policy for trust manifest generation",
+        "wait for the signed registry root evidence before running the trust manifest step",
+        false
+      )
+    ],
+    message: `wrote ${out}`,
+    sourceDir,
+    registryDir,
+    policy: policyPath,
+    out,
+    sourceSetDigest,
+    sourceCount: sources.length,
+    releasePlan,
+    written: true
+  });
+}
+function runLlmixTrustManifest(args, command = "release finalize") {
+  const parsed = parseOptions(args);
+  const err = unknownOptions(parsed, [
+    "--target",
+    "--registry-dir",
+    "--registry-root",
+    "--release-plan",
+    "--policy",
+    "--expected-root-digest",
+    "--derive-root-digest",
+    "--minimum-revision",
+    "--minimum-published-at",
+    "--high-watermark",
+    "--out",
+    "--did-document",
+    "--offline-sigstore-fixture"
+  ]);
+  if (err) return usage(command, err);
+  const targetErr = releaseTargetError(command, parsed);
+  if (targetErr) return targetErr;
+  if (parsed.positional.length !== 0) return usage(command, `${command} takes no positional arguments`);
+  const registryDir = oneOption(parsed.options, "--registry-dir");
+  const registryRootPath = oneOption(parsed.options, "--registry-root");
+  const releasePlanPath = oneOption(parsed.options, "--release-plan");
+  const policyPath = oneOption(parsed.options, "--policy");
+  const out = oneOption(parsed.options, "--out");
+  const expectedRootDigestOption = oneOption(parsed.options, "--expected-root-digest");
+  const deriveRootDigest = parsed.flags.has("--derive-root-digest");
+  if (!registryDir) return usage(command, "--registry-dir <dir> is required");
+  if (!registryRootPath) return usage(command, "--registry-root <file> is required");
+  if (!releasePlanPath) return usage(command, "--release-plan <file> is required");
+  if (!policyPath) return usage(command, "--policy <path> is required");
+  if (!out) return usage(command, "--out <file> is required");
+  if (Boolean(expectedRootDigestOption) === deriveRootDigest)
+    return usage(command, "Choose exactly one: --expected-root-digest <digest> or --derive-root-digest");
+  if (expectedRootDigestOption && !DIGEST_PATTERN.test(expectedRootDigestOption))
+    return usage(command, "--expected-root-digest must be a sha256/sha384/sha512 digest");
+  if (existsSync4(out))
+    return ioError(command, `Refusing to overwrite existing file: ${out}`, {
+      registryDir,
+      registryRoot: registryRootPath,
+      out
+    });
+  if (pathResolvesInsideDir(out, registryDir)) {
+    return commandResult(
+      false,
+      command,
+      EXIT.failure,
+      [diag("release.trust_artifact_inside_registry", "--out must resolve outside --registry-dir")],
+      {
+        summary: "Release trust artifact output must be outside the registry directory",
+        nextActions: [
+          nextAction(
+            "write-external-manifest",
+            "Write the deployment trust manifest outside config/llm or the selected registry directory",
+            `mda release finalize --target llmix-registry --registry-dir ${registryDir} --registry-root ${registryRootPath} --release-plan ${releasePlanPath} --policy ${policyPath} --derive-root-digest --out release/llmix-trust.json`
+          )
+        ],
+        registryDir,
+        out,
+        written: false
+      }
+    );
+  }
+  if (!pathResolvesInsideDir(registryRootPath, registryDir)) {
+    return commandResult(
+      false,
+      command,
+      EXIT.failure,
+      [diag("release.registry_root_outside_registry", "--registry-root must resolve inside --registry-dir")],
+      {
+        summary: "Registry-root evidence must belong to the selected registry directory",
+        nextActions: [
+          nextAction(
+            "use-registry-root-from-registry",
+            "Pass the signed registry-root evidence from the selected registry directory",
+            `mda release finalize --target llmix-registry --registry-dir ${registryDir} --registry-root ${registryDir}/snapshots/current/registry-root.json --release-plan ${releasePlanPath} --policy ${policyPath} --derive-root-digest --out ${out}`
+          )
+        ],
+        registryDir,
+        registryRoot: registryRootPath,
+        out,
+        written: false
+      }
+    );
+  }
+  const policy = readJson(policyPath);
+  if (!policy.ok) return ioError(command, policy.message, { registryDir, registryRoot: registryRootPath, policy: policyPath });
+  const policyValidation = validateJsonAgainst(policy.value, "trustPolicy");
+  if (!policyValidation.ok)
+    return commandResult(false, command, EXIT.failure, policyValidation.diagnostics, {
+      registryDir,
+      registryRoot: registryRootPath,
+      policy: policyPath,
+      written: false
+    });
+  const releasePlan = readJson(releasePlanPath);
+  if (!releasePlan.ok) return ioError(command, releasePlan.message, { releasePlan: releasePlanPath, written: false });
+  const registryRoot = readJson(registryRootPath);
+  if (!registryRoot.ok) return ioError(command, registryRoot.message, { registryRoot: registryRootPath, written: false });
+  const diagnostics = [];
+  const rootEvidence = validateRegistryRootEvidence(registryRoot.value);
+  diagnostics.push(...rootEvidence.diagnostics);
+  const releasePlanEvidence = validateReleasePlanEvidence(releasePlan.value);
+  diagnostics.push(...releasePlanEvidence.diagnostics);
+  if (rootEvidence.ok && releasePlanEvidence.ok) {
+    const expectedRootDigest = expectedRootDigestOption ?? rootEvidence.rootDigest;
+    if (expectedRootDigest !== rootEvidence.rootDigest) {
+      diagnostics.push(diag("llmix.root_digest_mismatch", "Expected root digest does not match signed registry-root evidence"));
+    }
+    diagnostics.push(
+      ...freshnessDiagnostics(rootEvidence.root, {
+        minimumRevision: oneOption(parsed.options, "--minimum-revision"),
+        minimumPublishedAt: oneOption(parsed.options, "--minimum-published-at"),
+        highWatermark: oneOption(parsed.options, "--high-watermark")
+      })
+    );
+    diagnostics.push(...sourceSetDiagnostics(rootEvidence.root, releasePlanEvidence.releasePlan));
+    const signatureVerification = verifySignatureEntries(
+      rootEvidence.root.signatures,
+      rootEvidence.root.integrity,
+      policy.value,
+      oneOption(parsed.options, "--did-document"),
+      oneOption(parsed.options, "--offline-sigstore-fixture")
+    );
+    if (signatureVerification.malformed) {
+      diagnostics.push(diag("signature.invalid_entry", "Registry-root signature entry is malformed"));
+    } else if (signatureVerification.trusted.size === 0) {
+      diagnostics.push(
+        ...signatureVerification.rejectedTrusted.length > 0 ? signatureVerification.rejectedTrusted : [diag("trust_policy.no_trusted_signature", "No registry-root signature matched the trust policy")]
+      );
+    } else {
+      const minSignatures = trustPolicyMinSignatures(policy.value);
+      if (signatureVerification.trusted.size < minSignatures) {
+        diagnostics.push(
+          diag(
+            "trust_policy.insufficient_trusted_signatures",
+            `${signatureVerification.trusted.size} trusted signer identities < ${minSignatures}`
+          )
+        );
+      }
+    }
+    if (diagnostics.length === 0) {
+      const trustedSignerIdentity = firstTrustedSignerIdentity(signatureVerification.trustedSignerIdentities);
+      const manifest = {
+        version: 1,
+        kind: "llmix-trust-manifest",
+        expectedRootDigest,
+        sourceSetDigest: rootEvidence.root.sourceSetDigest,
+        releasePlanDigest: computeDigest(Buffer.from(jcs(releasePlan.value), "utf8"), "sha256"),
+        registryRootTrustPolicy: policy.value,
+        rekorPolicy: isRecord(policy.value) && isRecord(policy.value.rekor) ? policy.value.rekor : null,
+        minimumRevision: oneOption(parsed.options, "--minimum-revision") ?? null,
+        minimumPublishedAt: oneOption(parsed.options, "--minimum-published-at") ?? null,
+        highWatermark: oneOption(parsed.options, "--high-watermark") ?? rootEvidence.root.highWatermark,
+        registryRootSignerIdentity: trustedSignerIdentity,
+        registryRoot: {
+          path: registryRootPath,
+          revision: rootEvidence.root.revision,
+          publishedAt: rootEvidence.root.publishedAt,
+          highWatermark: rootEvidence.root.highWatermark
+        },
+        releasePlan: { path: releasePlanPath, sourceCount: releasePlanEvidence.releasePlan.sources.length }
+      };
+      try {
+        atomicWrite(out, `${JSON.stringify(manifest, null, 2)}
+`);
+      } catch (error) {
+        return ioError(command, error instanceof Error ? error.message : String(error), { out, written: false });
+      }
+      return commandResult(true, command, EXIT.ok, [], {
+        summary: "Finalized external LLMix deployment trust manifest",
+        artifacts: [artifact("llmix-trust-manifest", out, void 0, expectedRootDigest)],
+        nextActions: [
+          externalNextAction(
+            "install-external-trust-manifest",
+            "Install this external trust manifest in the deployment configuration outside config/llm",
+            `copy ${out} into the deployment config path consumed by secure LLMix startup`,
+            false
+          ),
+          externalNextAction(
+            "deploy-signed-registry",
+            "Deploy only the signed registry files covered by this manifest and release plan",
+            `publish ${registryDir} with registry root ${registryRootPath} and release plan ${releasePlanPath}`,
+            false
+          )
+        ],
+        message: `wrote ${out}`,
+        registryDir,
+        registryRoot: registryRootPath,
+        releasePlan: releasePlanPath,
+        out,
+        expectedRootDigest,
+        sourceSetDigest: rootEvidence.root.sourceSetDigest,
+        written: true
+      });
+    }
+  }
+  return commandResult(false, command, EXIT.failure, diagnostics, {
+    summary: "Release finalize blocked",
+    nextActions: [
+      nextAction(
+        "fix-registry-root",
+        "Fix registry-root evidence, signature, freshness, or source-set mismatches before writing deployment anchors",
+        `mda release finalize --target llmix-registry --registry-dir ${registryDir} --registry-root ${registryRootPath} --release-plan ${releasePlanPath} --policy ${policyPath} --derive-root-digest --out ${out}`
+      )
+    ],
+    registryDir,
+    registryRoot: registryRootPath,
+    releasePlan: releasePlanPath,
+    out,
+    written: false
+  });
+}
+function runLlmixTrustSnippets(args, command = "release finalize") {
+  const parsed = parseOptions(args);
+  const err = unknownOptions(parsed, ["--target", "--registry-dir", "--manifest", "--snippet-format", "--snippet-out"]);
+  if (err) return usage(command, err);
+  const targetErr = releaseTargetError(command, parsed);
+  if (targetErr) return targetErr;
+  if (parsed.positional.length !== 0) return usage(command, `${command} takes no positional arguments`);
+  const registryDir = oneOption(parsed.options, "--registry-dir");
+  const manifestPath = oneOption(parsed.options, "--manifest");
+  const format = oneOption(parsed.options, "--snippet-format");
+  const out = oneOption(parsed.options, "--snippet-out");
+  if (!registryDir) {
+    return commandResult(
+      false,
+      command,
+      EXIT.failure,
+      [diag("release.registry_dir_required", "--registry-dir <dir> is required for snippet output")],
+      {
+        summary: "Release snippet generation blocked",
+        nextActions: [
+          nextAction(
+            "add-registry-dir",
+            "Pass the registry directory so MDA can prove trust artifacts remain outside it",
+            `mda release finalize --target llmix-registry --registry-dir <registry-dir> --manifest ${manifestPath ?? "<manifest>"} --snippet-format ${format ?? "env"} --snippet-out ${out ?? "release/trust.env"}`
+          )
+        ],
+        manifest: manifestPath,
+        format,
+        out,
+        written: false
+      }
+    );
+  }
+  if (!manifestPath) return usage(command, "--manifest <path> is required");
+  if (!format) return usage(command, "--snippet-format <format> is required");
+  if (!LLMIX_SNIPPET_FORMATS.has(format))
+    return usage(command, "--snippet-format must be json, env, kubernetes, github-actions, terraform, typescript, python, or rust");
+  if (!out) return usage(command, "--snippet-out <file> is required");
+  if (existsSync4(out)) {
+    return ioError(command, `Refusing to overwrite existing file: ${out}`, {
+      manifest: manifestPath,
+      format,
+      out,
+      written: false
+    });
+  }
+  if (pathResolvesInsideDir(manifestPath, registryDir) || pathResolvesInsideDir(out, registryDir)) {
+    return commandResult(
+      false,
+      command,
+      EXIT.failure,
+      [diag("release.trust_artifact_inside_registry", "--manifest and --snippet-out must resolve outside --registry-dir")],
+      {
+        summary: "Release trust artifacts must be outside the registry directory",
+        nextActions: [
+          nextAction(
+            "write-external-snippet",
+            "Write deployment snippets outside config/llm or the selected registry directory",
+            `mda release finalize --target llmix-registry --registry-dir ${registryDir} --manifest release/llmix-trust.json --snippet-format ${format} --snippet-out release/trust.${format}`
+          )
+        ],
+        registryDir,
+        manifest: manifestPath,
+        format,
+        out,
+        written: false
+      }
+    );
+  }
+  const manifestRead = readJson(manifestPath);
+  if (!manifestRead.ok) return ioError(command, manifestRead.message, { manifest: manifestPath, out, written: false });
+  const manifest = validateTrustManifestEvidence(manifestRead.value);
+  if (!manifest.ok) {
+    return commandResult(false, command, EXIT.failure, manifest.diagnostics, {
+      summary: "Release snippet generation blocked",
+      nextActions: [
+        nextAction(
+          "regenerate-trust-manifest",
+          "Regenerate a valid external trust manifest before producing deployment snippets",
+          "mda release finalize --target llmix-registry --registry-dir <registry> --registry-root <registry-root.json> --release-plan <release-plan.json> --policy <policy.json> --derive-root-digest --out release/llmix-trust.json"
+        )
+      ],
+      manifest: manifestPath,
+      format,
+      out,
+      written: false
+    });
+  }
+  const content = renderLlmixTrustSnippet(format, manifestPath, manifest.manifest);
+  try {
+    atomicWrite(out, content);
+  } catch (error) {
+    return ioError(command, error instanceof Error ? error.message : String(error), {
+      manifest: manifestPath,
+      format,
+      out,
+      written: false
+    });
+  }
+  return commandResult(true, command, EXIT.ok, [], {
+    summary: `Wrote ${format} LLMix deployment trust snippet`,
+    artifacts: [artifact("llmix-trust-snippet", out)],
+    nextActions: [
+      externalNextAction(
+        "install-deployment-snippet",
+        "Install this snippet in deployment configuration outside config/llm",
+        `wire ${out} into the deployment environment that starts secure LLMix`,
+        false
+      ),
+      nextAction(
+        "run-release-doctor",
+        "Check the source, registry, and manifest before deployment",
+        `mda doctor release --target llmix-registry --source <source-dir> --registry-dir <registry-dir> --release-plan ${manifest.manifest.releasePlan.path} --manifest ${manifestPath}`,
+        false
+      )
+    ],
+    message: `wrote ${out}`,
+    manifest: manifestPath,
+    format,
+    out,
+    written: true
+  });
+}
+function runDoctor(args) {
+  if (args[0] === "llmix") return migratedCommand("doctor llmix", "mda doctor release --target llmix-registry");
+  if (args[0] !== "release") return usage("doctor", "Expected subcommand: doctor release --target llmix-registry");
+  return runDoctorRelease(args.slice(1));
+}
+function runDoctorRelease(args) {
+  const command = "doctor release";
+  const parsed = parseOptions(args);
+  const err = unknownOptions(parsed, [
+    "--target",
+    "--source",
+    "--registry-dir",
+    "--release-plan",
+    "--manifest",
+    "--did-document",
+    "--offline-sigstore-fixture"
+  ]);
+  if (err) return usage(command, err);
+  const targetErr = releaseTargetError(command, parsed);
+  if (targetErr) return targetErr;
+  if (parsed.positional.length !== 0) return usage(command, `${command} takes no positional arguments`);
+  const sourceDir = oneOption(parsed.options, "--source");
+  const registryDir = oneOption(parsed.options, "--registry-dir");
+  const releasePlanPath = oneOption(parsed.options, "--release-plan");
+  const manifestPath = oneOption(parsed.options, "--manifest");
+  const didDocumentPath = oneOption(parsed.options, "--did-document");
+  const sigstoreFixturePath = oneOption(parsed.options, "--offline-sigstore-fixture");
+  if (!sourceDir) return usage(command, "--source <dir> is required");
+  if (!registryDir) return usage(command, "--registry-dir <dir> is required");
+  if (!releasePlanPath) return usage(command, "--release-plan <path> is required");
+  if (!manifestPath) return usage(command, "--manifest <path> is required");
+  if (!existsSync4(releasePlanPath)) {
+    return commandResult(false, command, EXIT.failure, [diag("llmix.release_plan_missing", "Release plan is missing")], {
+      summary: "Release doctor found readiness issues",
+      nextActions: [
+        nextAction(
+          "create-release-plan",
+          "Prepare the verified release plan before final deployment checks",
+          `mda release prepare --target llmix-registry --source ${sourceDir} --registry-dir ${registryDir} --policy <policy.json> --out ${releasePlanPath}`
+        )
+      ],
+      sourceDir,
+      registryDir,
+      releasePlan: releasePlanPath,
+      manifest: manifestPath,
+      readOnly: true,
+      written: false
+    });
+  }
+  if (!existsSync4(manifestPath)) {
+    return commandResult(false, command, EXIT.failure, [diag("llmix.manifest_missing", "Trust manifest is missing")], {
+      summary: "Release doctor found readiness issues",
+      nextActions: [
+        nextAction(
+          "create-trust-manifest",
+          "Generate the external deployment trust manifest before release",
+          `mda release finalize --target llmix-registry --registry-dir ${registryDir} --registry-root <registry-root.json> --release-plan ${releasePlanPath} --policy <policy.json> --derive-root-digest --out ${manifestPath}`
+        )
+      ],
+      sourceDir,
+      registryDir,
+      releasePlan: releasePlanPath,
+      manifest: manifestPath,
+      readOnly: true,
+      written: false
+    });
+  }
+  const manifestRead = readJson(manifestPath);
+  if (!manifestRead.ok)
+    return ioError(command, manifestRead.message, {
+      sourceDir,
+      registryDir,
+      releasePlan: releasePlanPath,
+      manifest: manifestPath,
+      readOnly: true,
+      written: false
+    });
+  const diagnostics = [];
+  const checks = [];
+  if (pathResolvesInsideDir(manifestPath, registryDir)) {
+    diagnostics.push(diag("release.trust_artifact_inside_registry", "--manifest must resolve outside --registry-dir"));
+    checks.push({ id: "manifest-placement", ok: false });
+  } else {
+    checks.push({ id: "manifest-placement", ok: true });
+  }
+  const requestedReleasePlanRead = readJson(releasePlanPath);
+  if (!requestedReleasePlanRead.ok) diagnostics.push(diag("filesystem.io", requestedReleasePlanRead.message, { path: releasePlanPath }));
+  const requestedReleasePlanEvidence = requestedReleasePlanRead.ok ? validateReleasePlanEvidence(requestedReleasePlanRead.value) : null;
+  if (requestedReleasePlanEvidence) diagnostics.push(...requestedReleasePlanEvidence.diagnostics);
+  checks.push({ id: "release-plan-input", ok: Boolean(requestedReleasePlanEvidence?.ok) });
+  const manifest = validateTrustManifestEvidence(manifestRead.value);
+  diagnostics.push(...manifest.diagnostics);
+  checks.push({ id: "trust-manifest-shape", ok: manifest.ok });
+  if (manifest.ok) {
+    const registryRootInsideRegistry = pathResolvesInsideDir(manifest.manifest.registryRoot.path, registryDir);
+    if (!registryRootInsideRegistry) {
+      diagnostics.push(
+        diag("release.registry_root_outside_registry", "Trust manifest registryRoot.path must resolve inside --registry-dir")
+      );
+    }
+    checks.push({ id: "registry-root-placement", ok: registryRootInsideRegistry });
+    const registryRootRead = registryRootInsideRegistry ? readJson(manifest.manifest.registryRoot.path) : null;
+    if (registryRootRead && !registryRootRead.ok)
+      diagnostics.push(diag("filesystem.io", registryRootRead.message, { path: manifest.manifest.registryRoot.path }));
+    if (manifest.manifest.releasePlan.path !== releasePlanPath)
+      diagnostics.push(diag("llmix.release_plan_digest_mismatch", "Trust manifest releasePlan.path does not match --release-plan"));
+    const releasePlanRead = readJson(releasePlanPath);
+    if (!releasePlanRead.ok) diagnostics.push(diag("filesystem.io", releasePlanRead.message, { path: manifest.manifest.releasePlan.path }));
+    const rootEvidence = registryRootRead?.ok ? validateRegistryRootEvidence(registryRootRead.value) : null;
+    const releasePlanEvidence = releasePlanRead.ok ? validateReleasePlanEvidence(releasePlanRead.value) : null;
+    if (rootEvidence) diagnostics.push(...rootEvidence.diagnostics);
+    if (releasePlanEvidence) diagnostics.push(...releasePlanEvidence.diagnostics);
+    checks.push({ id: "registry-root-evidence", ok: Boolean(rootEvidence?.ok) });
+    checks.push({ id: "release-plan-evidence", ok: Boolean(releasePlanEvidence?.ok) });
+    if (rootEvidence?.ok && releasePlanEvidence?.ok) {
+      if (manifest.manifest.expectedRootDigest !== rootEvidence.rootDigest)
+        diagnostics.push(diag("llmix.root_digest_mismatch", "Trust manifest expectedRootDigest does not match registry-root evidence"));
+      if (manifest.manifest.sourceSetDigest !== rootEvidence.root.sourceSetDigest)
+        diagnostics.push(diag("llmix.source_set_digest_mismatch", "Trust manifest sourceSetDigest does not match registry-root evidence"));
+      if (manifest.manifest.releasePlanDigest !== computeDigest(Buffer.from(jcs(releasePlanRead.value), "utf8"), "sha256"))
+        diagnostics.push(diag("llmix.release_plan_digest_mismatch", "Trust manifest releasePlanDigest does not match release plan"));
+      diagnostics.push(...sourceSetDiagnostics(rootEvidence.root, releasePlanEvidence.releasePlan));
+      diagnostics.push(
+        ...freshnessDiagnostics(rootEvidence.root, {
+          minimumRevision: manifest.manifest.minimumRevision,
+          minimumPublishedAt: manifest.manifest.minimumPublishedAt,
+          highWatermark: manifest.manifest.highWatermark
+        })
+      );
+      const signatureVerification = verifySignatureEntries(
+        rootEvidence.root.signatures,
+        rootEvidence.root.integrity,
+        manifest.manifest.registryRootTrustPolicy,
+        didDocumentPath,
+        sigstoreFixturePath
+      );
+      if (signatureVerification.malformed) {
+        diagnostics.push(diag("signature.invalid_entry", "Registry-root signature entry is malformed"));
+      } else if (signatureVerification.trusted.size < trustPolicyMinSignatures(manifest.manifest.registryRootTrustPolicy)) {
+        diagnostics.push(
+          ...signatureVerification.rejectedTrusted.length > 0 ? signatureVerification.rejectedTrusted : [diag("trust_policy.no_trusted_signature", "Registry-root signatures do not match the embedded trust policy")]
+        );
+      }
+    }
+    checks.push({
+      id: "registry-root-trust",
+      ok: diagnostics.length === 0 && Boolean(rootEvidence?.ok && releasePlanEvidence?.ok)
+    });
+  }
+  const sourceReadiness = doctorSourceReadiness(sourceDir);
+  diagnostics.push(...sourceReadiness.diagnostics);
+  checks.push({ id: "source-readiness", ok: sourceReadiness.ok });
+  if (diagnostics.length > 0) {
+    return commandResult(false, command, EXIT.failure, diagnostics, {
+      summary: "Release doctor found readiness issues",
+      nextActions: [
+        nextAction(
+          "fix-release-state",
+          "Fix the reported source, registry, manifest, freshness, or placement issue and run doctor again",
+          `mda doctor release --target llmix-registry --source ${sourceDir} --registry-dir ${registryDir} --release-plan ${releasePlanPath} --manifest ${manifestPath}`
+        )
+      ],
+      sourceDir,
+      registryDir,
+      releasePlan: releasePlanPath,
+      manifest: manifestPath,
+      checks,
+      readOnly: true,
+      written: false
+    });
+  }
+  return commandResult(true, command, EXIT.ok, [], {
+    summary: "Release state is ready for secure LLMix deployment",
+    nextActions: [
+      externalNextAction(
+        "deploy-secure-llmix",
+        "Deploy the signed registry with the external trust manifest and generated deployment snippet",
+        "use the deployment system that mounts the manifest outside config/llm",
+        false
+      )
+    ],
+    sourceDir,
+    registryDir,
+    releasePlan: releasePlanPath,
+    manifest: manifestPath,
+    checks,
+    sourceCount: sourceReadiness.sourceCount,
+    readOnly: true,
+    written: false
+  });
+}
+function validateTrustManifestEvidence(value) {
+  const diagnostics = [];
+  if (!isRecord(value)) {
+    return { ok: false, diagnostics: [diag("llmix.trust_manifest_invalid", "Trust manifest must be a JSON object")] };
+  }
+  if (value.kind !== "llmix-trust-manifest")
+    diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest kind must be llmix-trust-manifest"));
+  if (value.version !== 1) diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest version must be 1"));
+  if (typeof value.expectedRootDigest !== "string" || !DIGEST_PATTERN.test(value.expectedRootDigest))
+    diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest expectedRootDigest must be a digest"));
+  if (typeof value.sourceSetDigest !== "string" || !DIGEST_PATTERN.test(value.sourceSetDigest))
+    diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest sourceSetDigest must be a digest"));
+  if (typeof value.releasePlanDigest !== "string" || !DIGEST_PATTERN.test(value.releasePlanDigest))
+    diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest releasePlanDigest must be a digest"));
+  if (!isNullableString(value.minimumRevision))
+    diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest minimumRevision must be a string or null"));
+  if (!isNullableString(value.minimumPublishedAt))
+    diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest minimumPublishedAt must be a string or null"));
+  if (!isNullableString(value.highWatermark))
+    diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest highWatermark must be a string or null"));
+  if (!isRecord(value.registryRoot)) {
+    diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest registryRoot must be an object"));
+  } else {
+    if (typeof value.registryRoot.path !== "string" || value.registryRoot.path.length === 0)
+      diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest registryRoot.path must be a non-empty string"));
+    if (typeof value.registryRoot.revision !== "string" || value.registryRoot.revision.length === 0)
+      diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest registryRoot.revision must be a non-empty string"));
+    if (typeof value.registryRoot.publishedAt !== "string" || Number.isNaN(Date.parse(value.registryRoot.publishedAt)))
+      diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest registryRoot.publishedAt must be an ISO timestamp"));
+    if (typeof value.registryRoot.highWatermark !== "string" || value.registryRoot.highWatermark.length === 0)
+      diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest registryRoot.highWatermark must be a non-empty string"));
+  }
+  if (!isRecord(value.releasePlan)) {
+    diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest releasePlan must be an object"));
+  } else {
+    if (typeof value.releasePlan.path !== "string" || value.releasePlan.path.length === 0)
+      diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest releasePlan.path must be a non-empty string"));
+    const sourceCount = value.releasePlan.sourceCount;
+    if (typeof sourceCount !== "number" || !Number.isInteger(sourceCount) || sourceCount < 0)
+      diagnostics.push(diag("llmix.trust_manifest_invalid", "Trust manifest releasePlan.sourceCount must be a non-negative integer"));
+  }
+  if (diagnostics.length > 0) return { ok: false, diagnostics };
+  return { ok: true, diagnostics, manifest: value };
+}
+function isNullableString(value) {
+  return value === null || typeof value === "string";
+}
+function renderLlmixTrustSnippet(format, manifestPath, manifest) {
+  const vars = {
+    LLMIX_TRUST_MANIFEST: manifestPath,
+    LLMIX_EXPECTED_ROOT_DIGEST: manifest.expectedRootDigest,
+    LLMIX_SOURCE_SET_DIGEST: manifest.sourceSetDigest,
+    LLMIX_RELEASE_PLAN_DIGEST: manifest.releasePlanDigest,
+    LLMIX_REGISTRY_ROOT: manifest.registryRoot.path,
+    LLMIX_RELEASE_PLAN: manifest.releasePlan.path,
+    LLMIX_HIGH_WATERMARK: manifest.highWatermark ?? ""
+  };
+  if (format === "json") return `${JSON.stringify(vars, null, 2)}
+`;
+  if (format === "env")
+    return `${Object.entries(vars).map(([key, value]) => `${key}=${JSON.stringify(value)}`).join("\n")}
+`;
+  if (format === "kubernetes") {
+    return [
+      "apiVersion: v1",
+      "kind: ConfigMap",
+      "metadata:",
+      "  name: llmix-trust",
+      "data:",
+      ...Object.entries(vars).map(([key, value]) => `  ${key}: ${JSON.stringify(value)}`),
+      ""
+    ].join("\n");
+  }
+  if (format === "github-actions") {
+    return ["env:", ...Object.entries(vars).map(([key, value]) => `  ${key}: ${JSON.stringify(value)}`), ""].join("\n");
+  }
+  if (format === "terraform") {
+    return [
+      "locals {",
+      "  llmix_trust = {",
+      ...Object.entries(vars).map(([key, value]) => `    ${key} = ${JSON.stringify(value)}`),
+      "  }",
+      "}",
+      ""
+    ].join("\n");
+  }
+  if (format === "typescript") return `export const llmixTrust = ${JSON.stringify(vars, null, 2)} as const;
+`;
+  if (format === "python") return `LLMIX_TRUST = ${JSON.stringify(vars, null, 2)}
+`;
+  return `${Object.entries(vars).map(([key, value]) => `pub const ${key}: &str = ${JSON.stringify(value)};`).join("\n")}
+`;
+}
+function doctorSourceReadiness(sourceDir) {
+  const diagnostics = [];
+  const scanned = scanMdaSources(resolve3(sourceDir));
+  if (!scanned.ok) return { ok: false, diagnostics: [diag("filesystem.io", scanned.message)], sourceCount: 0 };
+  if (scanned.files.length === 0) {
+    return {
+      ok: false,
+      diagnostics: [diag("llmix.no_sources", "No .mda sources found under --source")],
+      sourceCount: 0
+    };
+  }
+  for (const file of scanned.files) {
+    const validation = validateArtifact(file, "source");
+    if (!validation.ok) diagnostics.push(...validation.diagnostics.map((d) => ({ ...d, path: file })));
+    const integrity = runIntegrity(["verify", file, "--target", "source"]);
+    if (!integrity.ok) diagnostics.push(...integrity.diagnostics.map((d) => ({ ...d, path: file })));
+  }
+  return { ok: diagnostics.length === 0, diagnostics, sourceCount: scanned.files.length };
+}
+function validateRegistryRootEvidence(value) {
+  const diagnostics = [];
+  if (!isRecord(value)) {
+    return { ok: false, diagnostics: [diag("llmix.registry_root_invalid", "Registry-root evidence must be a JSON object")] };
+  }
+  if (value.kind !== "llmix-registry-root")
+    diagnostics.push(diag("llmix.registry_root_invalid", "Registry-root kind must be llmix-registry-root"));
+  if (value.version !== 1) diagnostics.push(diag("llmix.registry_root_invalid", "Registry-root version must be 1"));
+  if (typeof value.revision !== "string" || value.revision.length === 0)
+    diagnostics.push(diag("llmix.registry_root_invalid", "Registry-root revision must be a non-empty string"));
+  if (typeof value.publishedAt !== "string" || Number.isNaN(Date.parse(value.publishedAt)))
+    diagnostics.push(diag("llmix.registry_root_invalid", "Registry-root publishedAt must be an ISO timestamp"));
+  if (typeof value.highWatermark !== "string" || value.highWatermark.length === 0)
+    diagnostics.push(diag("llmix.registry_root_invalid", "Registry-root highWatermark must be a non-empty string"));
+  if (typeof value.sourceSetDigest !== "string" || !DIGEST_PATTERN.test(value.sourceSetDigest))
+    diagnostics.push(diag("llmix.registry_root_invalid", "Registry-root sourceSetDigest must be a digest"));
+  const sources = Array.isArray(value.sources) ? value.sources : null;
+  if (!sources) {
+    diagnostics.push(diag("llmix.registry_root_invalid", "Registry-root sources must be an array"));
+  } else {
+    for (const [index, source] of sources.entries()) {
+      if (!isRecord(source)) diagnostics.push(diag("llmix.registry_root_invalid", `Registry-root sources[${index}] must be a JSON object`));
+    }
+  }
+  if (!isRecord(value.integrity) || value.integrity.algorithm !== "sha256" || typeof value.integrity.digest !== "string") {
+    diagnostics.push(diag("llmix.registry_root_invalid", "Registry-root integrity must contain sha256 digest"));
+  }
+  if (!Array.isArray(value.signatures) || value.signatures.length === 0)
+    diagnostics.push(diag("missing-required-signature", "Registry-root evidence requires signatures[]"));
+  const rootDigest = computeDigest(Buffer.from(jcs(unsignedRegistryRoot(value)), "utf8"), "sha256");
+  if (isRecord(value.integrity) && typeof value.integrity.digest === "string" && value.integrity.digest !== rootDigest) {
+    diagnostics.push(diag("integrity.mismatch", "Registry-root integrity digest does not match canonical evidence bytes"));
+  }
+  if (diagnostics.length > 0) return { ok: false, diagnostics };
+  const root = {
+    revision: value.revision,
+    publishedAt: value.publishedAt,
+    highWatermark: value.highWatermark,
+    sourceSetDigest: value.sourceSetDigest,
+    sources,
+    integrity: value.integrity,
+    signatures: value.signatures
+  };
+  return {
+    ok: true,
+    diagnostics,
+    rootDigest,
+    root
+  };
+}
+function unsignedRegistryRoot(root) {
+  const unsigned = {};
+  for (const [key, value] of Object.entries(root)) {
+    if (key !== "integrity" && key !== "signatures") unsigned[key] = value;
+  }
+  return unsigned;
+}
+function validateReleasePlanEvidence(value) {
+  const diagnostics = [];
+  if (!isRecord(value)) {
+    return { ok: false, diagnostics: [diag("llmix.release_plan_invalid", "Release plan must be a JSON object")] };
+  }
+  if (value.kind !== "llmix-release-plan")
+    diagnostics.push(diag("llmix.release_plan_invalid", "Release plan kind must be llmix-release-plan"));
+  if (typeof value.sourceSetDigest !== "string" || !DIGEST_PATTERN.test(value.sourceSetDigest))
+    diagnostics.push(diag("llmix.release_plan_invalid", "Release plan sourceSetDigest must be a digest"));
+  const sources = Array.isArray(value.sources) ? value.sources : null;
+  if (!sources) {
+    diagnostics.push(diag("llmix.release_plan_invalid", "Release plan sources must be an array"));
+  } else {
+    for (const [index, source] of sources.entries()) {
+      if (!isRecord(source)) diagnostics.push(diag("llmix.release_plan_invalid", `Release plan sources[${index}] must be a JSON object`));
+    }
+  }
+  if (diagnostics.length > 0) return { ok: false, diagnostics };
+  const releasePlan = {
+    sourceSetDigest: value.sourceSetDigest,
+    sources
+  };
+  return {
+    ok: true,
+    diagnostics,
+    releasePlan
+  };
+}
+function freshnessDiagnostics(root, requirements) {
+  const diagnostics = [];
+  if (requirements.minimumRevision) {
+    const comparison = compareMonotonicRequirement(root.revision, requirements.minimumRevision, "revision");
+    if (!comparison.ok) diagnostics.push(...comparison.diagnostics);
+    else if (comparison.value < 0)
+      diagnostics.push(diag("llmix.freshness_revision_rollback", "Registry-root revision is below minimumRevision"));
+  }
+  if (requirements.minimumPublishedAt) {
+    const publishedAt = Date.parse(root.publishedAt);
+    const minimumPublishedAt = Date.parse(requirements.minimumPublishedAt);
+    if (Number.isNaN(minimumPublishedAt))
+      diagnostics.push(diag("llmix.freshness_invalid", "--minimum-published-at must be an ISO timestamp"));
+    else if (publishedAt < minimumPublishedAt)
+      diagnostics.push(diag("llmix.freshness_published_at_rollback", "Registry-root publishedAt is below minimumPublishedAt"));
+  }
+  if (requirements.highWatermark) {
+    const comparison = compareMonotonicRequirement(root.highWatermark, requirements.highWatermark, "highWatermark");
+    if (!comparison.ok) diagnostics.push(...comparison.diagnostics);
+    else if (comparison.value < 0)
+      diagnostics.push(diag("llmix.high_watermark_rollback", "Registry-root highWatermark is below the required high-watermark"));
+  }
+  return diagnostics;
+}
+function compareMonotonicRequirement(actual, requirement, label) {
+  const actualValue = parseMonotonicValue(actual, `registry-root ${label}`);
+  const requiredValue = parseMonotonicValue(requirement, `required ${label}`);
+  const diagnostics = [...actualValue.diagnostics, ...requiredValue.diagnostics];
+  if (!actualValue.ok || !requiredValue.ok) return { ok: false, diagnostics };
+  if (actualValue.value.kind !== requiredValue.value.kind) {
+    return {
+      ok: false,
+      diagnostics: [diag("llmix.freshness_invalid", `${label} and required ${label} must use the same monotonic format`)]
+    };
+  }
+  return { ok: true, value: compareMonotonicValues(actualValue.value, requiredValue.value) };
+}
+function parseMonotonicValue(value, label) {
+  if (/^(0|[1-9][0-9]*)$/.test(value)) {
+    return { ok: true, diagnostics: [], value: { kind: "integer", value } };
+  }
+  const compactUtc = value.match(/^([0-9]{4})-([0-9]{2})-([0-9]{2})T([0-9]{2})([0-9]{2})([0-9]{2})Z$/);
+  const millis = compactUtc ? Date.UTC(
+    Number(compactUtc[1]),
+    Number(compactUtc[2]) - 1,
+    Number(compactUtc[3]),
+    Number(compactUtc[4]),
+    Number(compactUtc[5]),
+    Number(compactUtc[6])
+  ) : Date.parse(value);
+  if (!Number.isNaN(millis)) {
+    return { ok: true, diagnostics: [], value: { kind: "timestamp", value: millis } };
+  }
+  return {
+    ok: false,
+    diagnostics: [
+      diag(
+        "llmix.freshness_invalid",
+        `${label} must be a decimal integer, ISO timestamp, or compact UTC timestamp like 2026-05-09T120000Z`
+      )
+    ]
+  };
+}
+function compareMonotonicValues(actual, requirement) {
+  if (actual.kind === "timestamp" && requirement.kind === "timestamp") return actual.value - requirement.value;
+  if (actual.kind === "integer" && requirement.kind === "integer") {
+    if (actual.value.length !== requirement.value.length) return actual.value.length - requirement.value.length;
+    return actual.value.localeCompare(requirement.value);
+  }
+  return 0;
+}
+function sourceSetDiagnostics(root, releasePlan) {
+  const diagnostics = [];
+  if (root.sourceSetDigest !== releasePlan.sourceSetDigest) {
+    diagnostics.push(diag("llmix.source_set_digest_mismatch", "Registry-root sourceSetDigest does not match the release plan"));
+  }
+  const rootSources = /* @__PURE__ */ new Map();
+  for (const source of root.sources) {
+    const identity = registryEntryIdentity(source);
+    if (!identity) {
+      diagnostics.push(diag("llmix.registry_root_identity_mismatch", "Registry-root source is missing registry entry identity"));
+      continue;
+    }
+    if (rootSources.has(identity)) {
+      diagnostics.push(diag("llmix.registry_root_duplicate_preset", `Registry-root has duplicate preset ${identity}`));
+      continue;
+    }
+    rootSources.set(identity, source);
+  }
+  const releaseIdentities = /* @__PURE__ */ new Set();
+  for (const source of releasePlan.sources) {
+    const identity = registryEntryIdentity(source);
+    if (!identity) {
+      diagnostics.push(diag("llmix.release_plan_invalid", "Release plan source is missing registry entry identity"));
+      continue;
+    }
+    if (releaseIdentities.has(identity)) {
+      diagnostics.push(diag("llmix.release_plan_duplicate_preset", `Release plan has duplicate preset ${identity}`));
+      continue;
+    }
+    releaseIdentities.add(identity);
+    const rootSource = rootSources.get(identity);
+    if (!rootSource) {
+      diagnostics.push(diag("llmix.registry_root_missing_preset", `Registry-root is missing preset ${identity}`));
+      continue;
+    }
+    if (rootSource.canonicalSourceDigest !== source.canonicalSourceDigest) {
+      diagnostics.push(diag("llmix.registry_root_stale_digest", `Registry-root digest for ${identity} does not match the release plan`));
+    }
+    if (rootSource.registryEntryPath !== source.expectedRegistryEntryPath) {
+      diagnostics.push(diag("llmix.registry_root_identity_mismatch", `Registry-root path for ${identity} does not match the release plan`));
+    }
+  }
+  for (const identity of rootSources.keys()) {
+    if (!releaseIdentities.has(identity))
+      diagnostics.push(diag("llmix.registry_root_extra_preset", `Registry-root has extra preset ${identity}`));
+  }
+  return diagnostics;
+}
+function registryEntryIdentity(source) {
+  const identity = source.registryEntryIdentity ?? source.expectedRegistryEntryIdentity;
+  return typeof identity === "string" && identity.length > 0 ? identity : null;
+}
+function pathResolvesInsideDir(candidate, rootDir) {
+  const root = realPathIfPossible(rootDir);
+  const resolvedCandidate = realPathCandidate(candidate);
+  return resolvedCandidate === root || resolvedCandidate.startsWith(`${root}${sep}`);
+}
+function realPathCandidate(candidate) {
+  const resolved = resolve3(candidate);
+  try {
+    return realpathSync(resolved);
+  } catch {
+    const parent = realPathIfPossible(dirname2(resolved));
+    return join2(parent, basename(resolved));
+  }
+}
+function realPathIfPossible(path) {
+  try {
+    return realpathSync(path);
+  } catch {
+    return resolve3(path);
+  }
+}
+function scanMdaSources(root) {
+  const files = [];
+  try {
+    const visit = (dir) => {
+      for (const entry of readdirSync2(dir, { withFileTypes: true }).sort((a, b) => a.name.localeCompare(b.name))) {
+        const path = join2(dir, entry.name);
+        if (entry.isDirectory()) visit(path);
+        else if (entry.isFile() && entry.name.endsWith(".mda")) files.push(path);
+      }
+    };
+    visit(root);
+    return { ok: true, files };
+  } catch (error) {
+    return { ok: false, message: error instanceof Error ? error.message : String(error) };
+  }
+}
+function relativePath(root, file) {
+  return relative2(root, file).split(sep).join("/");
+}
+function llmixPresetIdentity(frontmatter) {
+  const metadata = isRecord(frontmatter.metadata) ? frontmatter.metadata : null;
+  const namespace = metadata && isRecord(metadata["snoai-llmix"]) ? metadata["snoai-llmix"] : null;
+  if (!namespace || typeof namespace.module !== "string" || typeof namespace.preset !== "string") return null;
+  if (!LLMIX_MODULE_NAME2.test(namespace.module) || !LLMIX_PRESET_NAME2.test(namespace.preset)) return null;
+  return { module: namespace.module, preset: namespace.preset };
+}
+function firstTrustedSignerIdentity(value) {
+  if (!Array.isArray(value)) return null;
+  for (const entry of value) {
+    if (!isRecord(entry)) continue;
+    if (entry.type !== "did-web" && entry.type !== "sigstore-oidc") continue;
+    if (typeof entry.signer !== "string" || typeof entry.keyId !== "string" || typeof entry.payloadDigest !== "string") continue;
+    const identity = {
+      type: entry.type,
+      signer: entry.signer,
+      keyId: entry.keyId,
+      payloadDigest: entry.payloadDigest
+    };
+    if (typeof entry.subject === "string") identity.subject = entry.subject;
+    if (typeof entry.rekorLogId === "string") identity.rekorLogId = entry.rekorLogId;
+    if (typeof entry.rekorLogIndex === "number") identity.rekorLogIndex = entry.rekorLogIndex;
+    return identity;
+  }
+  return null;
+}
+function releaseTargetError(command, parsed) {
+  if ("error" in parsed && parsed.error) return usage(command, parsed.error);
+  const target = oneOption(parsed.options, "--target");
+  if (!target) return usage(command, "--target llmix-registry is required");
+  if (target === LLMIX_REGISTRY_TARGET) return null;
+  return commandResult(false, command, EXIT.failure, [diag("release.unsupported_target", `Unsupported release target: ${target}`)], {
+    summary: "Release target is not supported",
+    nextActions: [
+      nextAction(
+        "use-llmix-registry-target",
+        "Use the supported LLMix registry release target",
+        `mda ${command} --target ${LLMIX_REGISTRY_TARGET}`
+      )
+    ],
+    target,
+    supportedTargets: [LLMIX_REGISTRY_TARGET]
+  });
+}
+function migratedCommand(command, replacement) {
+  return commandResult(false, command, EXIT.failure, [diag("release.command_migrated", `Use ${replacement} instead of mda ${command}`)], {
+    summary: "Command moved to the generic release workflow",
+    nextActions: [nextAction("use-release-command", "Use the generic release command surface", replacement)]
+  });
+}
+function llmixMigrationReplacement(args) {
+  if (args[0] === "release" && args[1] === "plan") return "mda release prepare --target llmix-registry";
+  if (args[0] === "trust" && args[1] === "policy") return "mda release trust policy --target llmix-registry";
+  if (args[0] === "trust" && args[1] === "manifest") return "mda release finalize --target llmix-registry";
+  if (args[0] === "trust" && args[1] === "snippets") {
+    return "mda release finalize --target llmix-registry --registry-dir <registry-dir> --manifest <manifest> --snippet-format <format> --snippet-out <path>";
+  }
+  return "mda release --help";
+}
+function runDidWebTrustPolicy(options, command) {
+  const profile = "did-web";
+  const domain = oneOption(options, "--domain");
+  if (!domain || didWebDomainFromDid(`did:web:${domain}`) !== domain) return usage(command, "--domain must be a valid did:web domain");
+  const minRaw = oneOption(options, "--min-signatures") ?? "1";
+  const minSignatures = Number(minRaw);
+  if (!Number.isInteger(minSignatures) || minSignatures < 1) return usage(command, "--min-signatures must be a positive integer");
+  const policy = { version: 1, minSignatures, trustedSigners: [{ type: "did-web", domain }] };
+  const validation = validateJsonAgainst(policy, "trustPolicy");
+  if (!validation.ok) return commandResult(false, command, EXIT.failure, validation.diagnostics, { profile, domain, minSignatures });
+  const out = oneOption(options, "--out");
+  const write = writeTrustPolicy(command, out, policy, { profile, domain, minSignatures });
+  if (!write.ok) return write;
+  return commandResult(true, command, EXIT.ok, [], {
+    summary: out ? `Wrote did:web trust policy to ${out}` : "Generated did:web trust policy",
+    artifacts: out ? [artifact("trust-policy", out)] : [],
+    nextActions: out ? [
+      nextAction(
+        "verify-signed-preset",
+        "Verify a signed preset with this policy",
+        `mda verify signed.mda --target source --policy ${out} --did-document did-web-document.json`
+      )
+    ] : [externalNextAction("save-trust-policy", "Save this policy JSON before release verification", "write the policy bytes to disk")],
+    message: out ? `wrote ${out}` : JSON.stringify(policy, null, 2),
+    profile,
+    domain,
+    minSignatures,
+    policy,
+    out,
+    written: Boolean(out)
+  });
+}
+function runGithubActionsTrustPolicy(options, command) {
+  const profile = "github-actions";
+  const repo = oneOption(options, "--repo");
+  const workflow = oneOption(options, "--workflow");
+  const ref = oneOption(options, "--ref");
+  if (!repo || !GITHUB_REPOSITORY.test(repo)) return usage(command, "--repo must be a GitHub repository in owner/repo form");
+  if (!workflow || workflow.trim() !== workflow || workflow.length === 0)
+    return usage(command, "--workflow must be a non-empty workflow file or identity");
+  if (!ref || !GITHUB_REF.test(ref)) return usage(command, "--ref must be an exact Git ref such as refs/heads/main or refs/tags/v1.1.0");
+  const subject = `repo:${repo}:ref:${ref}`;
+  const policy = {
+    version: 1,
+    trustedSigners: [
+      {
+        type: "sigstore-oidc",
+        issuer: GITHUB_ACTIONS_ISSUER,
+        subject,
+        repository: repo,
+        workflow,
+        ref
+      }
+    ],
+    rekor: { url: SIGSTORE_REKOR_URL }
+  };
+  const validation = validateJsonAgainst(policy, "trustPolicy");
+  if (!validation.ok) return commandResult(false, command, EXIT.failure, validation.diagnostics, { profile, repo, workflow, ref });
+  const out = oneOption(options, "--out");
+  const write = writeTrustPolicy(command, out, policy, { profile, repo, workflow, ref });
+  if (!write.ok) return write;
+  return commandResult(true, command, EXIT.ok, [], {
+    summary: out ? `Wrote GitHub Actions trust policy to ${out}` : "Generated GitHub Actions trust policy",
+    artifacts: out ? [artifact("trust-policy", out)] : [],
+    nextActions: out ? [
+      nextAction(
+        "sign-github-actions-release",
+        "Sign the release artifact with GitHub Actions Sigstore/Rekor evidence",
+        `mda sign release.mda --profile github-actions --repo ${repo} --workflow ${workflow} --ref ${ref} --rekor --offline-sigstore-fixture sigstore-fixture.json --out signed-release.mda`
+      ),
+      nextAction(
+        "verify-github-actions-release",
+        "Verify the signed release with this pinned policy",
+        `mda verify signed-release.mda --policy ${out} --offline-sigstore-fixture sigstore-fixture.json`
+      )
+    ] : [externalNextAction("save-trust-policy", "Save this policy JSON before release verification", "write the policy bytes to disk")],
+    message: out ? `wrote ${out}` : JSON.stringify(policy, null, 2),
+    profile,
+    repo,
+    workflow,
+    ref,
+    policy,
+    out,
+    written: Boolean(out)
+  });
+}
+function writeTrustPolicy(command, out, policy, context) {
+  if (!out) {
+    return commandResult(true, command, EXIT.ok, [], { written: false });
+  }
+  if (existsSync4(out))
+    return commandResult(false, command, EXIT.io, [diag("filesystem.io", `Refusing to overwrite existing file: ${out}`)], {
+      ...context,
+      out,
+      written: false
+    });
+  try {
+    atomicWrite(out, `${JSON.stringify(policy, null, 2)}
+`);
+  } catch (error) {
+    return ioError(command, error instanceof Error ? error.message : String(error), {
+      ...context,
+      out,
+      written: false
+    });
+  }
+  return commandResult(true, command, EXIT.ok, [], { ...context, out, written: true });
+}
+
+// src/cli/main.ts
+async function main() {
+  const { globals, args } = splitGlobals(process.argv.slice(2));
+  try {
+    if (args.length === 0 || args.includes("--help") || args.includes("-h")) {
+      process.stdout.write(HELP);
+      process.exit(EXIT.ok);
+    }
+    const command = args[0];
+    const rest = args.slice(1);
+    const result = await runCommand(command, rest, globals);
+    writeResult(result, globals);
+    process.exit(result.exitCode);
+  } catch (error) {
+    const result = commandResult(false, "internal", EXIT.internal, [
+      diag("internal-error", error instanceof Error ? error.message : String(error))
+    ]);
+    writeResult(result, globals);
+    process.exit(result.exitCode);
+  }
+}
+async function runCommand(command, args, globals) {
+  if (command === "init") return runInit(args, globals);
+  if (command === "validate") return runValidate(args);
+  if (command === "compile") return runCompile(args);
+  if (command === "canonicalize") return runCanonicalize(args, globals);
+  if (command === "integrity") return runIntegrity(args);
+  if (command === "verify") return runVerify(args);
+  if (command === "sign") return runSign(args);
+  if (command === "release") return runRelease(args);
+  if (command === "llmix") return runLlmix(args);
+  if (command === "doctor") return runDoctor(args);
+  if (command === "conformance") return runConformance(args);
+  return usage("root", `Unknown command: ${command}`);
+}
+
 // src/index.ts
 void main();
 /*! Bundled license information: