@mc-and-his-agents/loom-installer 0.1.15 → 0.1.16

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@mc-and-his-agents/loom-installer",
-  "version": "0.1.15",
+  "version": "0.1.16",
   "description": "Node installer for Loom plugin and single-skill installation surfaces.",
   "type": "module",
   "bin": {

package/payload/manifest.json

@@ -2,9 +2,9 @@
   "schema_version": "loom-installer-payload/v1",
   "loom_version": "0.4.0",
   "source_repository": "https://github.com/MC-and-his-Agents/Loom",
-  "source_commit": "3e2a33cf1cb7e519d321cb2617b874e285815c5b",
+  "source_commit": "fbbe9a3659bbaf753f47b38aa230ab122c26227b",
   "source_ref": "main",
-  "built_at": "2026-04-25T13:01:36+08:00",
+  "built_at": "2026-04-25T13:09:15+08:00",
   "runtime": {
     "python_minimum": "3.10",
     "python_recommended": "3.11+"
@@ -628,13 +628,13 @@
     },
     {
       "path": "plugin/loom/skills/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "plugin/loom/skills/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "plugin/loom/skills/shared/scripts/loom_init.py",
@@ -1213,13 +1213,13 @@
     },
     {
       "path": "skills/loom-adopt/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "skills/loom-adopt/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "skills/loom-adopt/.loom-runtime/shared/scripts/loom_init.py",
@@ -1828,13 +1828,13 @@
     },
     {
       "path": "skills/loom-handoff/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "skills/loom-handoff/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "skills/loom-handoff/.loom-runtime/shared/scripts/loom_init.py",
@@ -2443,13 +2443,13 @@
     },
     {
       "path": "skills/loom-init/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "skills/loom-init/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "skills/loom-init/.loom-runtime/shared/scripts/loom_init.py",
@@ -3063,13 +3063,13 @@
     },
     {
       "path": "skills/loom-merge-ready/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "skills/loom-merge-ready/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "skills/loom-merge-ready/.loom-runtime/shared/scripts/loom_init.py",
@@ -3678,13 +3678,13 @@
     },
     {
       "path": "skills/loom-pre-review/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "skills/loom-pre-review/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "skills/loom-pre-review/.loom-runtime/shared/scripts/loom_init.py",
@@ -4293,13 +4293,13 @@
     },
     {
       "path": "skills/loom-resume/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "skills/loom-resume/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "skills/loom-resume/.loom-runtime/shared/scripts/loom_init.py",
@@ -4908,13 +4908,13 @@
     },
     {
       "path": "skills/loom-retire/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "skills/loom-retire/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "skills/loom-retire/.loom-runtime/shared/scripts/loom_init.py",
@@ -5523,13 +5523,13 @@
     },
     {
       "path": "skills/loom-review/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "skills/loom-review/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "skills/loom-review/.loom-runtime/shared/scripts/loom_init.py",
@@ -6138,13 +6138,13 @@
     },
     {
       "path": "skills/loom-spec-review/.loom-runtime/shared/scripts/loom_check.py",
-      "bytes": 265994,
-      "sha256": "77334371c586c5e7247e6b781758cbf656594d4d5b8cff33f16b967b43f7811c"
+      "bytes": 267202,
+      "sha256": "213e64f5d974ae8b4dfbce97af96b88405b30cce3ab01d3d3ebf6a653aba4f4f"
     },
     {
       "path": "skills/loom-spec-review/.loom-runtime/shared/scripts/loom_flow.py",
-      "bytes": 279330,
-      "sha256": "ad6d6376a665cdfcd9de2316957e8f36e1ec087de59f29cebe6a6496ac0a555e"
+      "bytes": 281098,
+      "sha256": "85012c8824e33f4e7816e451d3aa8d38eec63f4006ae98c657676f2640923184"
     },
     {
       "path": "skills/loom-spec-review/.loom-runtime/shared/scripts/loom_init.py",

package/payload/plugin/loom/skills/shared/scripts/loom_check.py

@@ -95,6 +95,7 @@ CORE_DOCS = (
     "docs/evidence/validations/validation-closeout-reconciliation-blocking-gate.md",
     "docs/evidence/validations/validation-github-profile-binding-orchestration.md",
     "docs/evidence/validations/validation-github-profile-drift-reconciliation.md",
+    "docs/evidence/validations/validation-github-profile-graphql-budget-guard.md",
     "docs/evidence/validations/validation-loom-core-runtime-parity.md",
     "docs/evidence/validations/validation-shadow-parity-blocking-gate.md",
     "docs/evidence/validations/validation-syvert-strong-governance-parity.md",
@@ -273,6 +274,8 @@ def iter_markdown_files(root: Path) -> list[Path]:
         relative = path.relative_to(root).as_posix()
         if any(relative == part or relative.startswith(f"{part}/") for part in skipped_parts):
             continue
+        if any(part.startswith(".payload-build-") for part in path.relative_to(root).parts):
+            continue
         if relative.startswith("packages/loom-installer/payload/"):
             continue
         results.append(path)
@@ -5559,6 +5562,31 @@ def check_generated_artifacts_untracked(root: Path) -> list[Failure]:
     ]
 
 
+def check_github_cli_budget(root: Path) -> list[Failure]:
+    failures: list[Failure] = []
+    forbidden = tuple(f"gh {kind} view" for kind in ("repo", "issue", "pr"))
+    search_roots = [root / "skills/shared/scripts", root / "tools"]
+    for search_root in search_roots:
+        if not search_root.exists():
+            continue
+        for path in search_root.rglob("*.py"):
+            if path.name == "loom_check.py":
+                continue
+            try:
+                text = path.read_text(encoding="utf-8")
+            except OSError:
+                continue
+            for needle in forbidden:
+                if needle in text:
+                    failures.append(
+                        Failure(
+                            "github-api-budget",
+                            f"`{needle}` must not be used in high-frequency implementation path `{path.relative_to(root)}`",
+                        )
+                    )
+    return failures
+
+
 def is_within(path: Path, root: Path) -> bool:
     try:
         path.relative_to(root)
@@ -5596,6 +5624,7 @@ def collect_failures(root: Path) -> list[Failure]:
     failures.extend(check_repo_interop_contracts(root))
     failures.extend(check_node_installer(root))
     failures.extend(check_generated_artifacts_untracked(root))
+    failures.extend(check_github_cli_budget(root))
     failures.extend(check_markdown_links(root))
     return failures
 

package/payload/plugin/loom/skills/shared/scripts/loom_flow.py

@@ -926,6 +926,21 @@ def gh_graphql(root: Path, query: str, variables: dict[str, Any]) -> tuple[dict[
     return data, []
 
 
+def graphql_budget_guard(scope: str, errors: list[str] | None = None) -> dict[str, Any]:
+    return {
+        "graphql_only": True,
+        "budget_scope": scope,
+        "status": "unavailable" if errors else "guarded",
+        "errors": list(errors or []),
+        "fallback_to": "manual-reconciliation" if errors else None,
+        "recommended_action": (
+            "Retry this GraphQL-only host read with explicit operator intent, or continue with REST-backed issue/PR evidence when ProjectV2/native sub-issue data is not required."
+            if errors
+            else "Use this GraphQL-only host read sparingly; high-frequency repo, issue, and PR reads must stay on REST."
+        ),
+    }
+
+
 def git_dirty_entries(root: Path) -> list[dict[str, str]]:
     result = run_git(root, ["status", "--porcelain=v1"])
     if result is None or result.returncode != 0:
@@ -3946,6 +3961,7 @@ query($id: ID!) {
             "id": entry.get("id"),
             "content": {"number": None, "type": "Issue"},
             "status": status_name,
+            "budget_guard": graphql_budget_guard("project_v2_item_field_values"),
         }, []
     return None, []
 
@@ -4022,6 +4038,7 @@ query($owner:String!, $name:String!, $number:Int!) {
     issue = repository.get("issue")
     if not isinstance(issue, dict):
         return None, [f"issue #{issue_number} is missing from GraphQL payload"]
+    issue["budget_guard"] = graphql_budget_guard("native_parent_sub_issue_tree")
     return issue, []
 
 
@@ -4131,6 +4148,7 @@ def reconciliation_audit_payload(
                     "status": "unavailable",
                     "reason": "GraphQL-only parent/sub-issue tree could not be read.",
                     "errors": issue_tree_errors,
+                    "budget_guard": graphql_budget_guard("native_parent_sub_issue_tree", issue_tree_errors),
                 }
             elif issue_tree is not None:
                 issue_payload = {**issue_payload, **issue_tree}
@@ -4261,16 +4279,21 @@ def reconciliation_audit_payload(
                     "status": "unavailable",
                     "reason": "GitHub ProjectV2 CLI owner resolution is unavailable in this environment.",
                     "errors": project_errors,
+                    "budget_guard": graphql_budget_guard("project_v2_status_surface", project_errors),
                 }
             else:
                 missing_inputs.extend(f"project: {message}" for message in project_errors)
         else:
             items = project_context["items"]
             issue_item = find_project_item(items, issue_number, "issue") if issue_number is not None else None
+            issue_item_budget_guard: dict[str, Any] | None = None
             if issue_item is None and issue_id is not None and issue_number is not None:
                 issue_item, issue_item_errors = project_item_for_issue(target_root, issue_id, project_number)
                 if issue_item_errors:
-                    missing_inputs.extend(f"project: {message}" for message in issue_item_errors)
+                    issue_item_budget_guard = graphql_budget_guard(
+                        "project_v2_issue_item_lookup",
+                        issue_item_errors,
+                    )
             pr_item = find_project_item(items, pr_number, "pr") if pr_number is not None else None
             project_payload = {
                 "number": project_number,
@@ -4280,6 +4303,8 @@ def reconciliation_audit_payload(
                 "issue_item": issue_item,
                 "pr_item": pr_item,
             }
+            if issue_item_budget_guard is not None:
+                project_payload["issue_item_budget_guard"] = issue_item_budget_guard
 
             if issue_number is not None:
                 expected_done = issue_payload is not None and (issue_payload.get("state") == "CLOSED" or merged_issue_open)
@@ -4872,16 +4897,21 @@ def closeout_payload(
                     "status": "unavailable",
                     "reason": "GitHub ProjectV2 CLI owner resolution is unavailable in this environment.",
                     "errors": project_errors,
+                    "budget_guard": graphql_budget_guard("project_v2_status_surface", project_errors),
                 }
             else:
                 missing_inputs.extend(f"project: {message}" for message in project_errors)
         else:
             items = project_context["items"]
             issue_item = find_project_item(items, issue_number, "issue") if issue_number is not None else None
+            issue_item_budget_guard: dict[str, Any] | None = None
             if issue_item is None and issue_id is not None and issue_number is not None:
                 issue_item, issue_item_errors = project_item_for_issue(target_root, issue_id, project_number)
                 if issue_item_errors:
-                    missing_inputs.extend(f"project: {message}" for message in issue_item_errors)
+                    issue_item_budget_guard = graphql_budget_guard(
+                        "project_v2_issue_item_lookup",
+                        issue_item_errors,
+                    )
             pr_item = find_project_item(items, pr_number, "pr") if pr_number is not None else None
             if issue_number is not None and issue_item is None:
                 missing_inputs.append("issue is missing from project")
@@ -4893,6 +4923,8 @@ def closeout_payload(
                 "issue_item": issue_item,
                 "pr_item": pr_item,
             }
+            if issue_item_budget_guard is not None:
+                project_payload["issue_item_budget_guard"] = issue_item_budget_guard
             for label, item in (("issue", issue_item), ("pr", pr_item)):
                 if item is None:
                     continue

package/payload/skills/loom-adopt/.loom-runtime/shared/scripts/loom_check.py

@@ -95,6 +95,7 @@ CORE_DOCS = (
     "docs/evidence/validations/validation-closeout-reconciliation-blocking-gate.md",
     "docs/evidence/validations/validation-github-profile-binding-orchestration.md",
     "docs/evidence/validations/validation-github-profile-drift-reconciliation.md",
+    "docs/evidence/validations/validation-github-profile-graphql-budget-guard.md",
     "docs/evidence/validations/validation-loom-core-runtime-parity.md",
     "docs/evidence/validations/validation-shadow-parity-blocking-gate.md",
     "docs/evidence/validations/validation-syvert-strong-governance-parity.md",
@@ -273,6 +274,8 @@ def iter_markdown_files(root: Path) -> list[Path]:
         relative = path.relative_to(root).as_posix()
         if any(relative == part or relative.startswith(f"{part}/") for part in skipped_parts):
             continue
+        if any(part.startswith(".payload-build-") for part in path.relative_to(root).parts):
+            continue
         if relative.startswith("packages/loom-installer/payload/"):
             continue
         results.append(path)
@@ -5559,6 +5562,31 @@ def check_generated_artifacts_untracked(root: Path) -> list[Failure]:
     ]
 
 
+def check_github_cli_budget(root: Path) -> list[Failure]:
+    failures: list[Failure] = []
+    forbidden = tuple(f"gh {kind} view" for kind in ("repo", "issue", "pr"))
+    search_roots = [root / "skills/shared/scripts", root / "tools"]
+    for search_root in search_roots:
+        if not search_root.exists():
+            continue
+        for path in search_root.rglob("*.py"):
+            if path.name == "loom_check.py":
+                continue
+            try:
+                text = path.read_text(encoding="utf-8")
+            except OSError:
+                continue
+            for needle in forbidden:
+                if needle in text:
+                    failures.append(
+                        Failure(
+                            "github-api-budget",
+                            f"`{needle}` must not be used in high-frequency implementation path `{path.relative_to(root)}`",
+                        )
+                    )
+    return failures
+
+
 def is_within(path: Path, root: Path) -> bool:
     try:
         path.relative_to(root)
@@ -5596,6 +5624,7 @@ def collect_failures(root: Path) -> list[Failure]:
     failures.extend(check_repo_interop_contracts(root))
     failures.extend(check_node_installer(root))
     failures.extend(check_generated_artifacts_untracked(root))
+    failures.extend(check_github_cli_budget(root))
     failures.extend(check_markdown_links(root))
     return failures
 

package/payload/skills/loom-adopt/.loom-runtime/shared/scripts/loom_flow.py

@@ -926,6 +926,21 @@ def gh_graphql(root: Path, query: str, variables: dict[str, Any]) -> tuple[dict[
     return data, []
 
 
+def graphql_budget_guard(scope: str, errors: list[str] | None = None) -> dict[str, Any]:
+    return {
+        "graphql_only": True,
+        "budget_scope": scope,
+        "status": "unavailable" if errors else "guarded",
+        "errors": list(errors or []),
+        "fallback_to": "manual-reconciliation" if errors else None,
+        "recommended_action": (
+            "Retry this GraphQL-only host read with explicit operator intent, or continue with REST-backed issue/PR evidence when ProjectV2/native sub-issue data is not required."
+            if errors
+            else "Use this GraphQL-only host read sparingly; high-frequency repo, issue, and PR reads must stay on REST."
+        ),
+    }
+
+
 def git_dirty_entries(root: Path) -> list[dict[str, str]]:
     result = run_git(root, ["status", "--porcelain=v1"])
     if result is None or result.returncode != 0:
@@ -3946,6 +3961,7 @@ query($id: ID!) {
             "id": entry.get("id"),
             "content": {"number": None, "type": "Issue"},
             "status": status_name,
+            "budget_guard": graphql_budget_guard("project_v2_item_field_values"),
         }, []
     return None, []
 
@@ -4022,6 +4038,7 @@ query($owner:String!, $name:String!, $number:Int!) {
     issue = repository.get("issue")
     if not isinstance(issue, dict):
         return None, [f"issue #{issue_number} is missing from GraphQL payload"]
+    issue["budget_guard"] = graphql_budget_guard("native_parent_sub_issue_tree")
     return issue, []
 
 
@@ -4131,6 +4148,7 @@ def reconciliation_audit_payload(
                     "status": "unavailable",
                     "reason": "GraphQL-only parent/sub-issue tree could not be read.",
                     "errors": issue_tree_errors,
+                    "budget_guard": graphql_budget_guard("native_parent_sub_issue_tree", issue_tree_errors),
                 }
             elif issue_tree is not None:
                 issue_payload = {**issue_payload, **issue_tree}
@@ -4261,16 +4279,21 @@ def reconciliation_audit_payload(
                     "status": "unavailable",
                     "reason": "GitHub ProjectV2 CLI owner resolution is unavailable in this environment.",
                     "errors": project_errors,
+                    "budget_guard": graphql_budget_guard("project_v2_status_surface", project_errors),
                 }
             else:
                 missing_inputs.extend(f"project: {message}" for message in project_errors)
         else:
             items = project_context["items"]
             issue_item = find_project_item(items, issue_number, "issue") if issue_number is not None else None
+            issue_item_budget_guard: dict[str, Any] | None = None
             if issue_item is None and issue_id is not None and issue_number is not None:
                 issue_item, issue_item_errors = project_item_for_issue(target_root, issue_id, project_number)
                 if issue_item_errors:
-                    missing_inputs.extend(f"project: {message}" for message in issue_item_errors)
+                    issue_item_budget_guard = graphql_budget_guard(
+                        "project_v2_issue_item_lookup",
+                        issue_item_errors,
+                    )
             pr_item = find_project_item(items, pr_number, "pr") if pr_number is not None else None
             project_payload = {
                 "number": project_number,
@@ -4280,6 +4303,8 @@ def reconciliation_audit_payload(
                 "issue_item": issue_item,
                 "pr_item": pr_item,
             }
+            if issue_item_budget_guard is not None:
+                project_payload["issue_item_budget_guard"] = issue_item_budget_guard
 
             if issue_number is not None:
                 expected_done = issue_payload is not None and (issue_payload.get("state") == "CLOSED" or merged_issue_open)
@@ -4872,16 +4897,21 @@ def closeout_payload(
                     "status": "unavailable",
                     "reason": "GitHub ProjectV2 CLI owner resolution is unavailable in this environment.",
                     "errors": project_errors,
+                    "budget_guard": graphql_budget_guard("project_v2_status_surface", project_errors),
                 }
             else:
                 missing_inputs.extend(f"project: {message}" for message in project_errors)
         else:
             items = project_context["items"]
             issue_item = find_project_item(items, issue_number, "issue") if issue_number is not None else None
+            issue_item_budget_guard: dict[str, Any] | None = None
             if issue_item is None and issue_id is not None and issue_number is not None:
                 issue_item, issue_item_errors = project_item_for_issue(target_root, issue_id, project_number)
                 if issue_item_errors:
-                    missing_inputs.extend(f"project: {message}" for message in issue_item_errors)
+                    issue_item_budget_guard = graphql_budget_guard(
+                        "project_v2_issue_item_lookup",
+                        issue_item_errors,
+                    )
             pr_item = find_project_item(items, pr_number, "pr") if pr_number is not None else None
             if issue_number is not None and issue_item is None:
                 missing_inputs.append("issue is missing from project")
@@ -4893,6 +4923,8 @@ def closeout_payload(
                 "issue_item": issue_item,
                 "pr_item": pr_item,
             }
+            if issue_item_budget_guard is not None:
+                project_payload["issue_item_budget_guard"] = issue_item_budget_guard
             for label, item in (("issue", issue_item), ("pr", pr_item)):
                 if item is None:
                     continue

package/payload/skills/loom-handoff/.loom-runtime/shared/scripts/loom_check.py

@@ -95,6 +95,7 @@ CORE_DOCS = (
     "docs/evidence/validations/validation-closeout-reconciliation-blocking-gate.md",
     "docs/evidence/validations/validation-github-profile-binding-orchestration.md",
     "docs/evidence/validations/validation-github-profile-drift-reconciliation.md",
+    "docs/evidence/validations/validation-github-profile-graphql-budget-guard.md",
     "docs/evidence/validations/validation-loom-core-runtime-parity.md",
     "docs/evidence/validations/validation-shadow-parity-blocking-gate.md",
     "docs/evidence/validations/validation-syvert-strong-governance-parity.md",
@@ -273,6 +274,8 @@ def iter_markdown_files(root: Path) -> list[Path]:
         relative = path.relative_to(root).as_posix()
         if any(relative == part or relative.startswith(f"{part}/") for part in skipped_parts):
             continue
+        if any(part.startswith(".payload-build-") for part in path.relative_to(root).parts):
+            continue
         if relative.startswith("packages/loom-installer/payload/"):
             continue
         results.append(path)
@@ -5559,6 +5562,31 @@ def check_generated_artifacts_untracked(root: Path) -> list[Failure]:
     ]
 
 
+def check_github_cli_budget(root: Path) -> list[Failure]:
+    failures: list[Failure] = []
+    forbidden = tuple(f"gh {kind} view" for kind in ("repo", "issue", "pr"))
+    search_roots = [root / "skills/shared/scripts", root / "tools"]
+    for search_root in search_roots:
+        if not search_root.exists():
+            continue
+        for path in search_root.rglob("*.py"):
+            if path.name == "loom_check.py":
+                continue
+            try:
+                text = path.read_text(encoding="utf-8")
+            except OSError:
+                continue
+            for needle in forbidden:
+                if needle in text:
+                    failures.append(
+                        Failure(
+                            "github-api-budget",
+                            f"`{needle}` must not be used in high-frequency implementation path `{path.relative_to(root)}`",
+                        )
+                    )
+    return failures
+
+
 def is_within(path: Path, root: Path) -> bool:
     try:
         path.relative_to(root)
@@ -5596,6 +5624,7 @@ def collect_failures(root: Path) -> list[Failure]:
     failures.extend(check_repo_interop_contracts(root))
     failures.extend(check_node_installer(root))
     failures.extend(check_generated_artifacts_untracked(root))
+    failures.extend(check_github_cli_budget(root))
     failures.extend(check_markdown_links(root))
     return failures