@massu/core 1.9.5 → 1.10.1

package/dist/cli.js

@@ -1772,6 +1772,13 @@ function renderTemplate(template, vars) {
         throw new TemplateParseError("unclosed `{{` (no matching `}}`)", tokenStart);
       }
       const inner = template.slice(i + 2, closeIdx);
+      if (isJsxPassThrough(inner)) {
+        out.push("{{");
+        out.push(inner);
+        out.push("}}");
+        i = closeIdx + 2;
+        continue;
+      }
       const rendered = renderToken(inner, vars, tokenStart);
       out.push(rendered);
       i = closeIdx + 2;
@@ -1813,6 +1820,9 @@ function findTokenClose(template, start) {
   }
   return -1;
 }
+function isJsxPassThrough(inner) {
+  return inner.includes("\n");
+}
 function renderToken(inner, vars, tokenStart) {
   const trimmed = inner.trim();
   if (trimmed === "") {
@@ -2462,7 +2472,17 @@ function buildTemplateVars() {
     framework: config.framework,
     paths: config.paths,
     detected: config.detected ?? {},
-    config
+    config,
+    // P-H006 (plan-stage-c-high-batch): RESERVED CLAUDE CODE PLACEHOLDER.
+    // Claude Code reads `{{ARGUMENTS}}` as a runtime placeholder inside
+    // slash-command files. The Massu template engine has no native concept
+    // of reserved literals; we model the placeholder as a variable whose
+    // value IS the literal `{{ARGUMENTS}}` string. Because the engine never
+    // re-renders output, this passes through verbatim. Closes the bug class
+    // where `/massu-article-review`, `/massu-autoresearch`, etc. silently
+    // failed to install because the engine threw MissingVariableError on
+    // their {{ARGUMENTS}} usage.
+    ARGUMENTS: "{{ARGUMENTS}}"
   };
 }
 function installCommands(projectRoot, opts = {}) {
@@ -13226,6 +13246,15 @@ function buildConfigFromDetection(opts) {
       pathsSource = monorepoCommonRoot(detection.monorepo.packages);
     }
   }
+  if (pathsSource === "src" && !existsSync11(resolve7(projectRoot, "src"))) {
+    const fallbacks = ["app", "pages", "."];
+    for (const fallback of fallbacks) {
+      if (fallback === "." || existsSync11(resolve7(projectRoot, fallback))) {
+        pathsSource = fallback;
+        break;
+      }
+    }
+  }
   let monorepoRoots;
   if (detection.monorepo.type !== "single") {
     if (detection.monorepo.packages.length > 0) {
@@ -14447,6 +14476,35 @@ var init_license = __esm({
   }
 });
 
+// src/lib/hook-registry.ts
+function getExpectedHookFiles() {
+  return REGISTERED_HOOKS.map((name) => `${name}.js`);
+}
+var REGISTERED_HOOKS;
+var init_hook_registry = __esm({
+  "src/lib/hook-registry.ts"() {
+    "use strict";
+    REGISTERED_HOOKS = [
+      "auto-learning-pipeline",
+      "classify-failure",
+      "cost-tracker",
+      "fix-detector",
+      "incident-pipeline",
+      "intent-suggester",
+      "post-edit-context",
+      "post-tool-use",
+      "pre-compact",
+      "pre-delete-check",
+      "quality-event",
+      "rule-enforcement-pipeline",
+      "security-gate",
+      "session-end",
+      "session-start",
+      "user-prompt"
+    ];
+  }
+});
+
 // src/commands/doctor.ts
 var doctor_exports = {};
 __export(doctor_exports, {
@@ -14820,21 +14878,10 @@ var init_doctor = __esm({
     init_config();
     init_license();
     init_settings_local();
+    init_hook_registry();
     __filename3 = fileURLToPath3(import.meta.url);
     __dirname3 = dirname7(__filename3);
-    EXPECTED_HOOKS = [
-      "session-start.js",
-      "session-end.js",
-      "post-tool-use.js",
-      "user-prompt.js",
-      "pre-compact.js",
-      "pre-delete-check.js",
-      "post-edit-context.js",
-      "security-gate.js",
-      "cost-tracker.js",
-      "quality-event.js",
-      "intent-suggester.js"
-    ];
+    EXPECTED_HOOKS = getExpectedHookFiles();
   }
 });
 
@@ -28176,13 +28223,26 @@ function handleTrpcMap(args2, dataDb) {
     const total = dataDb.prepare("SELECT COUNT(*) as count FROM massu_trpc_procedures").get();
     const coupled = dataDb.prepare("SELECT COUNT(*) as count FROM massu_trpc_procedures WHERE has_ui_caller = 1").get();
     const uncoupled = total.count - coupled.count;
-    lines.push("## tRPC Procedure Summary");
-    lines.push(`- Total procedures: ${total.count}`);
-    lines.push(`- With UI callers: ${coupled.count}`);
-    lines.push(`- Without UI callers: ${uncoupled}`);
-    lines.push("");
-    lines.push('Use { router: "name" } to see details for a specific router.');
-    lines.push("Use { uncoupled: true } to see all procedures without UI callers.");
+    if (total.count === 0) {
+      lines.push("## tRPC Index Empty");
+      lines.push("");
+      lines.push("No tRPC procedures indexed yet. Either this repo has no tRPC");
+      lines.push("routers, or the CodeGraph index has not been built. To rebuild:");
+      lines.push("");
+      lines.push("  npx massu sync");
+      lines.push("");
+      lines.push("If `massu sync` completes successfully but `trpc_map` still");
+      lines.push("returns 0, the repo likely has no tRPC procedures (this is");
+      lines.push("expected for non-tRPC stacks \u2014 try `schema` or `domains` tools).");
+    } else {
+      lines.push("## tRPC Procedure Summary");
+      lines.push(`- Total procedures: ${total.count}`);
+      lines.push(`- With UI callers: ${coupled.count}`);
+      lines.push(`- Without UI callers: ${uncoupled}`);
+      lines.push("");
+      lines.push('Use { router: "name" } to see details for a specific router.');
+      lines.push("Use { uncoupled: true } to see all procedures without UI callers.");
+    }
   }
   return text17(lines.join("\n"));
 }
@@ -28525,8 +28585,14 @@ var init_tool_db_needs = __esm({
       coupling_check: ["codegraph", "data"],
       impact: ["codegraph", "data"],
       domains: ["codegraph", "data"],
-      // `trpc_map` reads only Data DB (tRPC index lives there); no CodeGraph access.
-      trpc_map: ["data"],
+      // P-H009 (plan-stage-c-high-batch): `trpc_map` queries Data DB tables
+      // populated by `ensureIndexes(d, codegraphDb)` — without CodeGraph the
+      // index never builds and the flagship code-intel tool silently returns
+      // "0 procedures" on fresh installs. Declaring `codegraph` here makes the
+      // dispatcher open the CodeGraph DB so `buildTrpcIndex` can run; the
+      // handler also surfaces an actionable hint when no procedures + no
+      // codegraph (covered by `trpc-map-empty-codegraph-hint.test.ts`).
+      trpc_map: ["codegraph", "data"],
       // `schema` reads filesystem (Prisma schema files); no DB access at all.
       schema: [],
       // === Memory tools (memory-tools.ts) ===

package/dist/hooks/auto-learning-pipeline.js

@@ -2,7 +2,7 @@
 import{createRequire as __cr}from"module";const require=__cr(import.meta.url);
 
 // src/hooks/auto-learning-pipeline.ts
-import { execSync } from "child_process";
+import { execFileSync } from "child_process";
 import { existsSync as existsSync2, readFileSync as readFileSync2, unlinkSync, readdirSync, statSync } from "fs";
 import { tmpdir } from "os";
 import { join } from "path";
@@ -490,6 +490,7 @@ Hint: run \`massu config refresh\` to regenerate a valid config or fix the liste
 }
 
 // src/hooks/auto-learning-pipeline.ts
+var MAX_FULL_DIFF_BYTES = 2 * 1024 * 1024;
 function getSessionFlagPath(sessionId) {
   return join(tmpdir(), "massu-auto-learning", `fixes-${sessionId.slice(0, 12)}.jsonl`);
 }
@@ -516,13 +517,34 @@ async function main() {
     }
     let uncommittedFix = false;
     try {
-      const diff = execSync("git diff --name-only", { cwd: root, timeout: 3e3, encoding: "utf-8" });
-      if (diff.trim()) {
-        const fullDiff = execSync("git diff", { cwd: root, timeout: 5e3, encoding: "utf-8" });
-        const fixPatterns = (fullDiff.match(/^\+.*(try|except|catch|guard|throw|raise|assert|validate|if.*null|if.*nil|if.*None|if.*undefined)/gm) || []).length;
-        const removedBroken = (fullDiff.match(/^-.*(bug|broken|crash|wrong|incorrect|typo|fail|error|miss|stale)/gm) || []).length;
-        if (fixPatterns > 3 || removedBroken > 1) {
-          uncommittedFix = true;
+      const nameOnly = execFileSync("git", ["diff", "--name-only"], {
+        cwd: root,
+        timeout: 3e3,
+        encoding: "utf-8",
+        maxBuffer: 1024 * 1024
+      });
+      if (nameOnly.trim()) {
+        const shortstat = execFileSync("git", ["diff", "--shortstat"], {
+          cwd: root,
+          timeout: 2e3,
+          encoding: "utf-8",
+          maxBuffer: 64 * 1024
+        });
+        const insertions = parseInt(shortstat.match(/(\d+) insertion/)?.[1] ?? "0", 10);
+        const deletions = parseInt(shortstat.match(/(\d+) deletion/)?.[1] ?? "0", 10);
+        const estimatedBytes = (insertions + deletions) * 80;
+        if (estimatedBytes <= MAX_FULL_DIFF_BYTES) {
+          const fullDiff = execFileSync("git", ["diff"], {
+            cwd: root,
+            timeout: 5e3,
+            encoding: "utf-8",
+            maxBuffer: MAX_FULL_DIFF_BYTES
+          });
+          const fixPatterns = (fullDiff.match(/^\+.*(try|except|catch|guard|throw|raise|assert|validate|if.*null|if.*nil|if.*None|if.*undefined)/gm) || []).length;
+          const removedBroken = (fullDiff.match(/^-.*(bug|broken|crash|wrong|incorrect|typo|fail|error|miss|stale)/gm) || []).length;
+          if (fixPatterns > 3 || removedBroken > 1) {
+            uncommittedFix = true;
+          }
         }
       }
     } catch {

package/dist/hooks/post-tool-use.js

@@ -1455,6 +1455,32 @@ function trackModification(db, featureKey) {
     `).run(featureKey);
   }
 }
+function recordTestResult(db, featureKey, passing, failing) {
+  const existing = db.prepare(
+    "SELECT * FROM feature_health WHERE feature_key = ?"
+  ).get(featureKey);
+  const healthScore = calculateHealthScore(passing, failing, 0, (/* @__PURE__ */ new Date()).toISOString(), existing?.last_modified);
+  db.prepare(`
+    INSERT INTO feature_health
+    (feature_key, last_tested, test_coverage_pct, health_score, tests_passing, tests_failing, modifications_since_test)
+    VALUES (?, datetime('now'), ?, ?, ?, ?, 0)
+    ON CONFLICT(feature_key) DO UPDATE SET
+      last_tested = datetime('now'),
+      health_score = ?,
+      tests_passing = ?,
+      tests_failing = ?,
+      modifications_since_test = 0
+  `).run(
+    featureKey,
+    passing > 0 ? passing / (passing + failing) * 100 : 0,
+    healthScore,
+    passing,
+    failing,
+    healthScore,
+    passing,
+    failing
+  );
+}
 
 // src/import-resolver.ts
 import { readFileSync as readFileSync2, existsSync as existsSync3, statSync } from "fs";
@@ -1959,6 +1985,26 @@ async function main() {
         }
       } catch (_securityErr) {
       }
+      try {
+        if (tool_name === "Bash") {
+          const command = tool_input.command ?? "";
+          if (isTestRunnerCommand(command)) {
+            const counts = parseTestRunOutput(tool_response ?? "");
+            if (counts) {
+              const modifiedFeatures = db.prepare(
+                "SELECT feature_key FROM feature_health WHERE modifications_since_test > 0"
+              ).all();
+              for (const row of modifiedFeatures) {
+                recordTestResult(db, row.feature_key, counts.passing, counts.failing);
+              }
+              if (modifiedFeatures.length === 0) {
+                recordTestResult(db, "_session_test_run", counts.passing, counts.failing);
+              }
+            }
+          }
+        }
+      } catch (_testResultErr) {
+      }
       try {
         if (tool_name === "Edit" || tool_name === "Write") {
           const filePath = tool_input.file_path ?? "";
@@ -2034,6 +2080,50 @@ function updatePlanProgress(db, sessionId, progress) {
     addSummary(db, sessionId, { planProgress: progressMap });
   }
 }
+function isTestRunnerCommand(command) {
+  const trimmed = command.trim().toLowerCase();
+  const stripped = trimmed.replace(/^cd\s+\S+\s*(&&|;)\s*/, "").replace(/^\(\s*cd\s+\S+\s*(&&|;)\s*/, "");
+  const testRunnerPrefixes = [
+    "npm test",
+    "npm run test",
+    "npx vitest",
+    "npx jest",
+    "vitest",
+    "jest",
+    "pnpm test",
+    "pnpm run test",
+    "yarn test",
+    "pytest",
+    "go test",
+    "cargo test"
+  ];
+  return testRunnerPrefixes.some((prefix) => stripped.startsWith(prefix));
+}
+function parseTestRunOutput(output) {
+  const vitestSplit = output.match(/Tests?\s+(?:(\d+)\s+failed\s+\|\s+)?(\d+)\s+passed/);
+  if (vitestSplit) {
+    return {
+      passing: parseInt(vitestSplit[2], 10),
+      failing: vitestSplit[1] ? parseInt(vitestSplit[1], 10) : 0
+    };
+  }
+  const jest = output.match(/Tests?:\s+(?:(\d+)\s+failed,\s+)?(\d+)\s+passed/);
+  if (jest) {
+    return {
+      passing: parseInt(jest[2], 10),
+      failing: jest[1] ? parseInt(jest[1], 10) : 0
+    };
+  }
+  const pytestPassed = output.match(/(\d+)\s+passed/);
+  const pytestFailed = output.match(/(\d+)\s+failed/);
+  if (pytestPassed) {
+    return {
+      passing: parseInt(pytestPassed[1], 10),
+      failing: pytestFailed ? parseInt(pytestFailed[1], 10) : 0
+    };
+  }
+  return null;
+}
 function readStdin() {
   return new Promise((resolve5) => {
     let data = "";

package/dist/hooks/session-end.js

@@ -1418,6 +1418,7 @@ function estimateTokens(text) {
 // src/cloud-sync.ts
 var MAX_RETRIES = 3;
 var RETRY_DELAYS = [1e3, 2e3, 4e3];
+var DEFAULT_CLOUD_REQUEST_TIMEOUT_MS = 2e3;
 async function syncToCloud(db, payload) {
   const config = getConfig();
   const cloud = config.cloud;
@@ -1443,6 +1444,7 @@ async function syncToCloud(db, payload) {
     filteredPayload.audit = payload.audit;
   }
   let lastError = "";
+  const requestTimeoutMs = cloud.requestTimeoutMs ?? DEFAULT_CLOUD_REQUEST_TIMEOUT_MS;
   for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
     try {
       const response = await fetch(endpoint, {
@@ -1451,7 +1453,11 @@ async function syncToCloud(db, payload) {
           "Content-Type": "application/json",
           "Authorization": `Bearer ${cloud.apiKey}`
         },
-        body: JSON.stringify(filteredPayload)
+        body: JSON.stringify(filteredPayload),
+        // P-H003: bounded request — AbortSignal.timeout fires AbortError when
+        // the request stalls (DNS failure, TCP unreachable, slow server). Cleans
+        // up before hook timeout kills the whole process.
+        signal: AbortSignal.timeout(requestTimeoutMs)
       });
       if (!response.ok) {
         lastError = `HTTP ${response.status}: ${response.statusText}`;
@@ -1476,6 +1482,9 @@ async function syncToCloud(db, payload) {
       };
     } catch (err) {
       lastError = err instanceof Error ? err.message : String(err);
+      if (err instanceof Error && (err.name === "AbortError" || err.name === "TimeoutError")) {
+        break;
+      }
       if (attempt < MAX_RETRIES - 1) {
         await sleep(RETRY_DELAYS[attempt]);
         continue;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@massu/core",
-  "version": "1.9.5",
+  "version": "1.10.1",
   "type": "module",
   "description": "AI Engineering Governance MCP Server - Session memory, knowledge system, feature registry, code intelligence, rule enforcement, tiered tooling (12 free / 73 total), 59 workflow commands, 11 agents, 20+ patterns",
   "main": "src/server.ts",

package/src/cloud-sync.ts

@@ -60,6 +60,12 @@ export interface SyncResult {
 const MAX_RETRIES = 3;
 const RETRY_DELAYS = [1000, 2000, 4000]; // exponential backoff
 
+// P-H003 (plan-stage-c-high-batch): bound each HTTP request so offline
+// customers don't burn the entire Stop-hook 15s budget on a single
+// unreachable endpoint. Default 2_000ms is well under hook timeout while
+// still tolerating typical latency. Override via config.cloud.requestTimeoutMs.
+const DEFAULT_CLOUD_REQUEST_TIMEOUT_MS = 2_000;
+
 /**
  * Sync data to the cloud endpoint.
  * Respects config flags for selective sync.
@@ -103,6 +109,8 @@ export async function syncToCloud(
 
   // Attempt sync with retry
   let lastError = '';
+  const requestTimeoutMs = (cloud as { requestTimeoutMs?: number }).requestTimeoutMs
+    ?? DEFAULT_CLOUD_REQUEST_TIMEOUT_MS;
   for (let attempt = 0; attempt < MAX_RETRIES; attempt++) {
     try {
       const response = await fetch(endpoint, {
@@ -112,6 +120,10 @@ export async function syncToCloud(
           'Authorization': `Bearer ${cloud.apiKey}`,
         },
         body: JSON.stringify(filteredPayload),
+        // P-H003: bounded request — AbortSignal.timeout fires AbortError when
+        // the request stalls (DNS failure, TCP unreachable, slow server). Cleans
+        // up before hook timeout kills the whole process.
+        signal: AbortSignal.timeout(requestTimeoutMs),
       });
 
       if (!response.ok) {
@@ -140,6 +152,12 @@ export async function syncToCloud(
       };
     } catch (err) {
       lastError = err instanceof Error ? err.message : String(err);
+      // P-H003: AbortError from AbortSignal.timeout means the request stalled
+      // (customer offline / DNS failure / unreachable). Don't burn the remaining
+      // hook budget retrying; queue for later and bail.
+      if (err instanceof Error && (err.name === 'AbortError' || err.name === 'TimeoutError')) {
+        break;
+      }
       if (attempt < MAX_RETRIES - 1) {
         await sleep(RETRY_DELAYS[attempt]);
         continue;

package/src/commands/doctor.ts

@@ -8,7 +8,7 @@
  * 1. massu.config.yaml exists and parses correctly
  * 2. .mcp.json has massu entry
  * 3. .claude/settings.local.json has hooks config
- * 4. All 11 compiled hook files exist
+ * 4. All compiled hook files exist (count sourced from lib/hook-registry.ts SoT)
  * 5. Knowledge DB exists (.massu/memory.db)
  * 6. Memory directory exists (~/.claude/projects/.../memory/)
  * 7. Shell hooks wired in settings.local.json
@@ -24,6 +24,7 @@ import { parse as parseYaml } from 'yaml';
 import { getConfig, getResolvedPaths } from '../config.ts';
 import { getCurrentTier, getLicenseInfo, daysUntilExpiry } from '../license.ts';
 import { readSettingsAtPath } from '../lib/settings-local.ts';
+import { getExpectedHookFiles } from '../lib/hook-registry.ts';
 
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
@@ -42,19 +43,13 @@ interface CheckResult {
 // Hook Files
 // ============================================================
 
-const EXPECTED_HOOKS = [
-  'session-start.js',
-  'session-end.js',
-  'post-tool-use.js',
-  'user-prompt.js',
-  'pre-compact.js',
-  'pre-delete-check.js',
-  'post-edit-context.js',
-  'security-gate.js',
-  'cost-tracker.js',
-  'quality-event.js',
-  'intent-suggester.js',
-];
+// P-H001 (plan-stage-c-high-batch): drift-fix. EXPECTED_HOOKS now consumes
+// the lib/hook-registry.ts SoT; the registry-parity drift-guard test asserts
+// this list matches `src/hooks/*.ts` AND `buildHooksConfig()`. Previously
+// a hand-maintained list of 11 entries silently drifted from the 16 hooks
+// actually registered by installHooks(), letting hook files go missing
+// without doctor noticing.
+const EXPECTED_HOOKS: readonly string[] = getExpectedHookFiles();
 
 // ============================================================
 // Individual Checks

package/src/commands/init.ts

@@ -438,6 +438,22 @@ export function buildConfigFromDetection(
     }
   }
 
+  // P-H004 (plan-stage-c-high-batch): App Router / Pages Router fallback.
+  // When pathsSource would default to 'src' but src/ doesn't exist, check
+  // recognized framework conventions before failing validation. Fixes
+  // `massu init` outright failure on fresh Next.js 14+ App Router repos
+  // (have `app/` + `package.json`, no `src/`) and Pages Router (`pages/`).
+  // Final fallback to '.' makes flat-layout projects work too.
+  if (pathsSource === 'src' && !existsSync(resolve(projectRoot, 'src'))) {
+    const fallbacks = ['app', 'pages', '.'];
+    for (const fallback of fallbacks) {
+      if (fallback === '.' || existsSync(resolve(projectRoot, fallback))) {
+        pathsSource = fallback;
+        break;
+      }
+    }
+  }
+
   // P1-005: emit `paths.monorepo_roots` as the distinct parent directories of
   // every workspace package when this is a monorepo. Optional + additive;
   // v1 consumers ignore it. When detection identified a monorepo type

package/src/commands/install-commands.ts

@@ -494,6 +494,16 @@ export function buildTemplateVars(): Record<string, unknown> {
     paths: config.paths,
     detected: config.detected ?? {},
     config,
+    // P-H006 (plan-stage-c-high-batch): RESERVED CLAUDE CODE PLACEHOLDER.
+    // Claude Code reads `{{ARGUMENTS}}` as a runtime placeholder inside
+    // slash-command files. The Massu template engine has no native concept
+    // of reserved literals; we model the placeholder as a variable whose
+    // value IS the literal `{{ARGUMENTS}}` string. Because the engine never
+    // re-renders output, this passes through verbatim. Closes the bug class
+    // where `/massu-article-review`, `/massu-autoresearch`, etc. silently
+    // failed to install because the engine threw MissingVariableError on
+    // their {{ARGUMENTS}} usage.
+    ARGUMENTS: '{{ARGUMENTS}}',
   };
 }
 

package/src/commands/install-hooks.ts

@@ -4,7 +4,8 @@
 /**
  * `massu install-hooks` — Standalone hook installation.
  *
- * Installs or updates all 11 Claude Code hooks in .claude/settings.local.json.
+ * Installs or updates the canonical Massu hook set in .claude/settings.local.json.
+ * Count is sourced from lib/hook-registry.ts SoT; see REGISTERED_HOOKS there.
  * Uses the same logic as `massu init` but only handles hooks.
  */
 

package/src/commands/template-engine.ts

@@ -69,6 +69,24 @@ export function renderTemplate(template: string, vars: Record<string, unknown>):
         throw new TemplateParseError('unclosed `{{` (no matching `}}`)', tokenStart);
       }
       const inner = template.slice(i + 2, closeIdx);
+
+      // P-H007 (plan-stage-c-high-batch): JSX pass-through. Pattern docs
+      // contain content like `action={{ label: "X" }}` (JSX object literal)
+      // that LOOKS like a template token but isn't. Pre-fix the engine
+      // threw TemplateParseError and the WHOLE file silently failed to
+      // install. Now: detect ONLY clearly-JSX patterns (multi-line OR
+      // leading whitespace inside the braces) and emit verbatim. Everything
+      // else (including security probes, empty `{{}}`, malformed filters,
+      // invalid path characters) still goes through strict renderToken and
+      // throws — security tests still pass.
+      if (isJsxPassThrough(inner)) {
+        out.push('{{');
+        out.push(inner);
+        out.push('}}');
+        i = closeIdx + 2;
+        continue;
+      }
+
       const rendered = renderToken(inner, vars, tokenStart);
       out.push(rendered);
       i = closeIdx + 2;
@@ -128,6 +146,29 @@ function findTokenClose(template: string, start: number): number {
   return -1;
 }
 
+/**
+ * P-H007: Decide whether the inner text of a `{{...}}` block is a multi-line
+ * JSX expression that should be emitted verbatim (NOT parsed as a Massu
+ * template token).
+ *
+ * Detection is intentionally MINIMAL: only multi-line content passes through.
+ * The original P-H007 evidence (`patterns/component-patterns.md` JSX
+ * `action={{ label: "X", onClick: () => ... }}` formatted across lines)
+ * IS multi-line; that is the bug class to close.
+ *
+ * Single-line content of EVERY shape (valid Massu vars, malformed paths,
+ * empty `{{}}`, security probes like `constructor.constructor("...")()`,
+ * default filters with escaped quotes) goes through the strict renderToken
+ * path so all pre-existing template-engine.test.ts behavior is preserved.
+ *
+ * Tradeoff: single-line JSX `action={{ x: 1 }}` (rare in practice) would
+ * still throw under this rule. The vast majority of JSX in shipped pattern
+ * docs is multi-line, so this is the correct conservative fix.
+ */
+function isJsxPassThrough(inner: string): boolean {
+  return inner.includes('\n');
+}
+
 /**
  * Render a single token (text BETWEEN `{{` and `}}`).
  * Format: `path.to.var` OR `path.to.var | default("fallback")`.

package/src/hooks/auto-learning-pipeline.ts

@@ -16,12 +16,18 @@
 // the pipeline steps.
 // ============================================================
 
-import { execSync } from 'child_process';
+import { execFileSync } from 'child_process';
 import { existsSync, readFileSync, unlinkSync, readdirSync, statSync } from 'fs';
 import { tmpdir } from 'os';
 import { join } from 'path';
 import { getProjectRoot, getConfig } from '../config.ts';
 
+// P-H002 (plan-stage-c-high-batch): bound git-diff reads so monorepos with
+// 10MB+ working trees don't trigger Stop-hook timeout. Short-stat first,
+// only read full diff body when estimated bytes <= cap. execFileSync argv
+// form is defense-in-depth (P-001 pattern).
+const MAX_FULL_DIFF_BYTES = 2 * 1024 * 1024; // 2MB; ~25k lines at 80 bytes/line
+
 interface HookInput {
   session_id: string;
   transcript_path: string;
@@ -67,19 +73,46 @@ async function main(): Promise<void> {
       } catch { /* ignore parse errors */ }
     }
 
-    // Source 2: Scan uncommitted git diff for fix patterns (language-agnostic)
+    // Source 2: Scan uncommitted git diff for fix patterns (language-agnostic).
+    // Two-stage: (1) name-only to confirm any changes, (2) shortstat to estimate
+    // bytes, (3) full diff body ONLY if estimate <= MAX_FULL_DIFF_BYTES.
     let uncommittedFix = false;
     try {
-      const diff = execSync('git diff --name-only', { cwd: root, timeout: 3000, encoding: 'utf-8' });
-      if (diff.trim()) {
-        const fullDiff = execSync('git diff', { cwd: root, timeout: 5000, encoding: 'utf-8' });
-        const fixPatterns = (fullDiff.match(/^\+.*(try|except|catch|guard|throw|raise|assert|validate|if.*null|if.*nil|if.*None|if.*undefined)/gm) || []).length;
-        const removedBroken = (fullDiff.match(/^-.*(bug|broken|crash|wrong|incorrect|typo|fail|error|miss|stale)/gm) || []).length;
-        if (fixPatterns > 3 || removedBroken > 1) {
-          uncommittedFix = true;
+      const nameOnly = execFileSync('git', ['diff', '--name-only'], {
+        cwd: root,
+        timeout: 3000,
+        encoding: 'utf-8',
+        maxBuffer: 1024 * 1024,
+      });
+      if (nameOnly.trim()) {
+        const shortstat = execFileSync('git', ['diff', '--shortstat'], {
+          cwd: root,
+          timeout: 2000,
+          encoding: 'utf-8',
+          maxBuffer: 64 * 1024,
+        });
+        const insertions = parseInt(shortstat.match(/(\d+) insertion/)?.[1] ?? '0', 10);
+        const deletions = parseInt(shortstat.match(/(\d+) deletion/)?.[1] ?? '0', 10);
+        const estimatedBytes = (insertions + deletions) * 80; // ~80 bytes/line avg
+        if (estimatedBytes <= MAX_FULL_DIFF_BYTES) {
+          const fullDiff = execFileSync('git', ['diff'], {
+            cwd: root,
+            timeout: 5000,
+            encoding: 'utf-8',
+            maxBuffer: MAX_FULL_DIFF_BYTES,
+          });
+          const fixPatterns = (fullDiff.match(/^\+.*(try|except|catch|guard|throw|raise|assert|validate|if.*null|if.*nil|if.*None|if.*undefined)/gm) || []).length;
+          const removedBroken = (fullDiff.match(/^-.*(bug|broken|crash|wrong|incorrect|typo|fail|error|miss|stale)/gm) || []).length;
+          if (fixPatterns > 3 || removedBroken > 1) {
+            uncommittedFix = true;
+          }
         }
+        // else: diff exceeds cap — skip pattern scan rather than risk timeout.
+        // The fix-detector hook fires on per-Edit/Write and already populates
+        // sessionFixes for the realistic case; full-diff fallback is a safety
+        // net that we can correctly skip for huge trees.
       }
-    } catch { /* git not available or no changes */ }
+    } catch { /* git not available or no changes or buffer overflow */ }
 
     if (sessionFixes.length === 0 && !uncommittedFix) {
       // Clean up flag file

package/src/hooks/post-tool-use.ts

@@ -11,7 +11,7 @@
 import { getMemoryDb, addObservation, createSession, deduplicateFailedAttempt, addSummary } from '../memory-db.ts';
 import { classifyRealTimeToolCall, detectPlanProgress } from '../observation-extractor.ts';
 import { logAuditEntry } from '../audit-trail.ts';
-import { trackModification } from '../regression-detector.ts';
+import { trackModification, recordTestResult } from '../regression-detector.ts';
 import { validateFile, storeValidationResult } from '../validation-engine.ts';
 import { scoreFileSecurity, storeSecurityScore } from '../security-scorer.ts';
 import { readFileSync, existsSync } from 'fs';
@@ -131,6 +131,42 @@ async function main(): Promise<void> {
         // Best-effort: never block post-tool-use
       }
 
+      // P-H029 (plan-stage-c-high-batch): wire recordTestResult() into the
+      // post-tool-use hook so `feature_health` dashboard reflects real test
+      // deltas. Pre-fix: `trackModification` fired but `recordTestResult` was
+      // unit-tested yet never called; dashboard showed tests_passing=0 for
+      // every feature.
+      //
+      // Strategy: when a Bash tool call runs a test runner AND the output
+      // includes parseable pass/fail counts, call recordTestResult for every
+      // feature with `modifications_since_test > 0`. This resets their counter
+      // and updates pass/fail tallies based on the run.
+      try {
+        if (tool_name === 'Bash') {
+          const command = (tool_input.command as string) ?? '';
+          if (isTestRunnerCommand(command)) {
+            const counts = parseTestRunOutput(tool_response ?? '');
+            if (counts) {
+              const modifiedFeatures = db
+                .prepare(
+                  'SELECT feature_key FROM feature_health WHERE modifications_since_test > 0',
+                )
+                .all() as Array<{ feature_key: string }>;
+              for (const row of modifiedFeatures) {
+                recordTestResult(db, row.feature_key, counts.passing, counts.failing);
+              }
+              // Also record a session-level aggregate so the dashboard has at
+              // least one row even when no features were modified.
+              if (modifiedFeatures.length === 0) {
+                recordTestResult(db, '_session_test_run', counts.passing, counts.failing);
+              }
+            }
+          }
+        }
+      } catch (_testResultErr) {
+        // Best-effort: never block post-tool-use
+      }
+
       // MEMORY.md integrity check on write
       try {
         if (tool_name === 'Edit' || tool_name === 'Write') {
@@ -217,6 +253,60 @@ function updatePlanProgress(db: import('better-sqlite3').Database, sessionId: st
   }
 }
 
+/**
+ * P-H029: Detect test-runner commands. Conservative match — only commands that
+ * START with a recognized test runner so a build script invoking `npm run test`
+ * is included but a script that merely mentions "test" in a filename is not.
+ */
+function isTestRunnerCommand(command: string): boolean {
+  const trimmed = command.trim().toLowerCase();
+  // Strip leading `cd <dir> && ` or `(cd <dir> && ...)` prefix so we match
+  // the actual test command.
+  const stripped = trimmed
+    .replace(/^cd\s+\S+\s*(&&|;)\s*/, '')
+    .replace(/^\(\s*cd\s+\S+\s*(&&|;)\s*/, '');
+  const testRunnerPrefixes = [
+    'npm test', 'npm run test', 'npx vitest', 'npx jest', 'vitest', 'jest',
+    'pnpm test', 'pnpm run test', 'yarn test', 'pytest', 'go test', 'cargo test',
+  ];
+  return testRunnerPrefixes.some((prefix) => stripped.startsWith(prefix));
+}
+
+/**
+ * P-H029: Parse test-run output for pass/fail counts. Supports vitest
+ * (`Tests  N passed (N)`, `Tests  X failed | Y passed (Z)`), jest
+ * (`Tests: X failed, Y passed, Z total`), and pytest (`X passed, Y failed`).
+ * Returns null if no parseable summary line found.
+ */
+function parseTestRunOutput(output: string): { passing: number; failing: number } | null {
+  // vitest: " Tests  439 passed (439)" or " Tests  3 failed | 436 passed (439)"
+  const vitestSplit = output.match(/Tests?\s+(?:(\d+)\s+failed\s+\|\s+)?(\d+)\s+passed/);
+  if (vitestSplit) {
+    return {
+      passing: parseInt(vitestSplit[2], 10),
+      failing: vitestSplit[1] ? parseInt(vitestSplit[1], 10) : 0,
+    };
+  }
+  // jest: "Tests:       1 failed, 5 passed, 6 total"
+  const jest = output.match(/Tests?:\s+(?:(\d+)\s+failed,\s+)?(\d+)\s+passed/);
+  if (jest) {
+    return {
+      passing: parseInt(jest[2], 10),
+      failing: jest[1] ? parseInt(jest[1], 10) : 0,
+    };
+  }
+  // pytest: "5 passed, 2 failed in 1.23s" or "5 passed in 1.23s"
+  const pytestPassed = output.match(/(\d+)\s+passed/);
+  const pytestFailed = output.match(/(\d+)\s+failed/);
+  if (pytestPassed) {
+    return {
+      passing: parseInt(pytestPassed[1], 10),
+      failing: pytestFailed ? parseInt(pytestFailed[1], 10) : 0,
+    };
+  }
+  return null;
+}
+
 function readStdin(): Promise<string> {
   return new Promise((resolve) => {
     let data = '';

package/src/lib/hook-registry.ts

@@ -0,0 +1,43 @@
+/**
+ * Single source of truth for the canonical Massu hook set.
+ *
+ * P-H001 (plan-stage-c-high-batch): doctor / installer / build:hooks all
+ * consume from here. The drift-guard `hook-registry-parity.test.ts` asserts:
+ *
+ *   1. REGISTERED_HOOKS matches `src/hooks/*.ts` filenames (the build SoT).
+ *   2. REGISTERED_HOOKS matches the hook names referenced in
+ *      `buildHooksConfig()` (the installer SoT).
+ *   3. REGISTERED_HOOKS matches `dist/hooks/*.js` after `npm run build:hooks`
+ *      (the runtime SoT, when build artifacts are available).
+ *
+ * Adding a new hook requires touching THREE places: src/hooks/X.ts,
+ * REGISTERED_HOOKS, and buildHooksConfig() — the parity tests enforce this.
+ */
+export const REGISTERED_HOOKS = [
+  'auto-learning-pipeline',
+  'classify-failure',
+  'cost-tracker',
+  'fix-detector',
+  'incident-pipeline',
+  'intent-suggester',
+  'post-edit-context',
+  'post-tool-use',
+  'pre-compact',
+  'pre-delete-check',
+  'quality-event',
+  'rule-enforcement-pipeline',
+  'security-gate',
+  'session-end',
+  'session-start',
+  'user-prompt',
+] as const;
+
+export type RegisteredHook = (typeof REGISTERED_HOOKS)[number];
+
+export function getExpectedHookFiles(): readonly string[] {
+  return REGISTERED_HOOKS.map((name) => `${name}.js`);
+}
+
+export function getRegisteredHookCount(): number {
+  return REGISTERED_HOOKS.length;
+}

package/src/security/registry-pubkey.generated.ts

@@ -1,4 +1,4 @@
-// AUTO-GENERATED by scripts/bundle-pubkey.mjs at 2026-05-17T00:41:46.925Z.
+// AUTO-GENERATED by scripts/bundle-pubkey.mjs at 2026-05-17T05:11:08.118Z.
 // Source pem: packages/core/security/registry-pubkey.pem
 // RAW-bytes sha256: 3b6226d036c472e533110d11a7d0cd2773ce1d7d4f1003517d5bd69c5418ed4c
 // DO NOT EDIT — regenerate via `node scripts/bundle-pubkey.mjs` or

package/src/tool-db-needs.ts

@@ -70,8 +70,14 @@ export const TOOL_DB_NEEDS = {
   impact: ['codegraph', 'data'],
   domains: ['codegraph', 'data'],
 
-  // `trpc_map` reads only Data DB (tRPC index lives there); no CodeGraph access.
-  trpc_map: ['data'],
+  // P-H009 (plan-stage-c-high-batch): `trpc_map` queries Data DB tables
+  // populated by `ensureIndexes(d, codegraphDb)` — without CodeGraph the
+  // index never builds and the flagship code-intel tool silently returns
+  // "0 procedures" on fresh installs. Declaring `codegraph` here makes the
+  // dispatcher open the CodeGraph DB so `buildTrpcIndex` can run; the
+  // handler also surfaces an actionable hint when no procedures + no
+  // codegraph (covered by `trpc-map-empty-codegraph-hint.test.ts`).
+  trpc_map: ['codegraph', 'data'],
 
   // `schema` reads filesystem (Prisma schema files); no DB access at all.
   schema: [],

package/src/tools.ts

@@ -858,13 +858,29 @@ function handleTrpcMap(args: Record<string, unknown>, dataDb: Database.Database)
     const coupled = dataDb.prepare('SELECT COUNT(*) as count FROM massu_trpc_procedures WHERE has_ui_caller = 1').get() as { count: number };
     const uncoupled = total.count - coupled.count;
 
-    lines.push('## tRPC Procedure Summary');
-    lines.push(`- Total procedures: ${total.count}`);
-    lines.push(`- With UI callers: ${coupled.count}`);
-    lines.push(`- Without UI callers: ${uncoupled}`);
-    lines.push('');
-    lines.push('Use { router: "name" } to see details for a specific router.');
-    lines.push('Use { uncoupled: true } to see all procedures without UI callers.');
+    // P-H009 (plan-stage-c-high-batch): when the index is empty, return an
+    // actionable remedy hint instead of bare "0" — previously fresh installs
+    // saw "Total procedures: 0" and assumed the flagship tool was broken.
+    if (total.count === 0) {
+      lines.push('## tRPC Index Empty');
+      lines.push('');
+      lines.push('No tRPC procedures indexed yet. Either this repo has no tRPC');
+      lines.push('routers, or the CodeGraph index has not been built. To rebuild:');
+      lines.push('');
+      lines.push('  npx massu sync');
+      lines.push('');
+      lines.push('If `massu sync` completes successfully but `trpc_map` still');
+      lines.push('returns 0, the repo likely has no tRPC procedures (this is');
+      lines.push('expected for non-tRPC stacks — try `schema` or `domains` tools).');
+    } else {
+      lines.push('## tRPC Procedure Summary');
+      lines.push(`- Total procedures: ${total.count}`);
+      lines.push(`- With UI callers: ${coupled.count}`);
+      lines.push(`- Without UI callers: ${uncoupled}`);
+      lines.push('');
+      lines.push('Use { router: "name" } to see details for a specific router.');
+      lines.push('Use { uncoupled: true } to see all procedures without UI callers.');
+    }
   }
 
   return text(lines.join('\n'));