@meetless/mla 0.1.4

package/dist/commands/doctor.js

@@ -0,0 +1,1021 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.REQUIRED_HOOK_EVENTS = exports.OPTIONAL_HOOKS = exports.REQUIRED_HOOKS = void 0;
+exports.assertNoArgs = assertNoArgs;
+exports.doctorExitCode = doctorExitCode;
+exports.sessionCaptureCheck = sessionCaptureCheck;
+exports.schemaVersionCheck = schemaVersionCheck;
+exports.walModeCheck = walModeCheck;
+exports.foreignKeysCheck = foreignKeysCheck;
+exports.busyTimeoutCheck = busyTimeoutCheck;
+exports.managedPreToolUseHookCheck = managedPreToolUseHookCheck;
+exports.attestedPathRootCheck = attestedPathRootCheck;
+exports.denyEmissionAccountingCheck = denyEmissionAccountingCheck;
+exports.failOpenEnforcementCheck = failOpenEnforcementCheck;
+exports.ce0IntegrityCheck = ce0IntegrityCheck;
+exports.ce0QuickCheckResult = ce0QuickCheckResult;
+exports.describeAuthMode = describeAuthMode;
+exports.runDoctor = runDoctor;
+const child_process_1 = require("child_process");
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const config_1 = require("../lib/config");
+const workspace_1 = require("../lib/workspace");
+const http_1 = require("../lib/http");
+const spool_1 = require("../lib/spool");
+const activation_1 = require("../lib/activation");
+const wire_1 = require("../lib/wire");
+const ce0_store_1 = require("../lib/rules/ce0-store");
+const interception_schema_1 = require("../lib/rules/interception-schema");
+const live_input_authority_1 = require("../lib/rules/live-input-authority");
+const deny_admission_1 = require("../lib/rules/deny-admission");
+const interception_store_1 = require("../lib/rules/interception-store");
+const local_rule_version_repo_1 = require("../lib/rules/local-rule-version-repo");
+const attest_notes_location_1 = require("../lib/rules/attest-notes-location");
+const runtime_scope_1 = require("../lib/rules/runtime-scope");
+const evidence_1 = require("./evidence");
+// `mla doctor` (§4.9, §6.4 step 14, Acceptance §11.14)
+//
+// Verifies the chain end to end. Red anywhere = block dogfood.
+//
+//   1. control reachable      GET /internal/v1/health
+//   2. token valid + workspace + actor + caseKind  GET /internal/v1/whoami
+//   3. intel reachable        GET /health (if intelUrl configured)
+//   4. ~/.claude/settings.json registers all required hooks
+//   5. /mla skill installed
+//   5b. Meetless MCP server registered (user scope ~/.claude.json, or project .mcp.json)
+//   6. mlaPath resolves and is executable
+//   7. ALL hook scripts present + executable under ~/.meetless/hooks/
+//   8. queue depth (sessions, events, orphans, oldest event age)
+//
+// It also reports the TWO distinct lifecycles (folder = workspace, T3.3),
+// kept separate so an operator can tell "this folder is bound" apart from
+// "this session is being captured":
+//
+//   9.  Workspace binding   the `.meetless.json` marker (activate / deactivate):
+//                           activated / not activated, workspaceId, marker path,
+//                           and (via the whoami probe above) workspace exists /
+//                           inaccessible.
+//   10. Session capture     the `<sid>.off` sentinel (mute / unmute):
+//                           active / muted for THIS session. A folder can be
+//                           activated while this session is muted.
+exports.REQUIRED_HOOKS = [
+    "common.sh",
+    "session-start.sh",
+    "user-prompt-submit.sh",
+    "stop.sh",
+    "flush.sh",
+    // CE0 evidence-consultation measurement harness (proposal §4.1, §6.4). The four
+    // ce0-*.sh scripts are installed unconditionally by `mla rewire` (no opt-out flag,
+    // unlike post-tool-use.sh). They are REQUIRED, not OPTIONAL, for the same reason
+    // event-batch-filter.jq is: a binary upgrade without a re-rewire would leave them
+    // absent and silently break measurement. A missing CE0 script is otherwise
+    // invisible (not drift -- the byte check ignores absent files), so doctor must go
+    // RED here to force the re-rewire.
+    //
+    // The first three ride UserPromptSubmit / PostToolUse / Stop as second managed
+    // entries; absent, they silently under-record every turn. The fourth,
+    // ce0-session-start.sh, rides SessionStart and gives the offline §6.4 sweep an
+    // automatic caller: absent, the two precision/recall denominator events
+    // (memory_requirement_assessed, evidence_obligation_finalized) stop projecting and
+    // the ratios silently lose their denominator -- the same invisible-when-missing
+    // failure, so it is REQUIRED on the same footing.
+    "ce0-user-prompt-submit.sh",
+    "ce0-post-tool-use.sh",
+    "ce0-stop.sh",
+    "ce0-session-start.sh",
+    // Wedge v6 Epoch 27: the Pass 2 batch filter is a separate file so it can be
+    // unit-tested independently and shared between runtime + tests. If a user
+    // upgrades the mla binary but does NOT re-run `mla init`, their old flush.sh
+    // stays on disk and this file is missing -- but the NEW flush.sh (when it
+    // ships next) references it, so any future re-install + missed re-init would
+    // silently drop every event batch via the `|| echo "[]"` fallback. Doctor
+    // RED if the file is missing OR the installed flush.sh predates the
+    // filter-file extraction (content drift check below).
+    "event-batch-filter.jq",
+    // The live PreToolUse enforcement hook (A1). It pipes the raw PreToolUse stdin to
+    // `mla _internal pretool-observe`, which runs the version-backed enforce seam and emits the deny
+    // on the wire. Like the CE0 scripts it is installed unconditionally by `mla rewire` (only
+    // PostToolUse carries the --no-post-tool-use opt-out, wire.ts), so a binary upgrade that skipped a
+    // re-rewire would leave it absent and SILENTLY STOP ENFORCING under an otherwise GREEN doctor. RED
+    // on missing to force the re-rewire.
+    "pre-tool-use.sh",
+];
+exports.OPTIONAL_HOOKS = ["post-tool-use.sh"];
+// PreToolUse joins the required events with A1: wire.ts registers it unconditionally (it carries no
+// opt-out flag, unlike PostToolUse), so a missing registration means the live enforcement hook never
+// fires and the pilot silently stops enforcing. RED on missing.
+exports.REQUIRED_HOOK_EVENTS = ["SessionStart", "UserPromptSubmit", "Stop", "PreToolUse"];
+const OPTIONAL_HOOK_EVENTS = ["PostToolUse"];
+// `mla doctor` takes no arguments (Wedge v6 Epoch 49).
+//
+// Earlier versions documented and parsed a `--gc` flag but the parsed
+// value was thrown away at the runDoctor entry point. The flag was a
+// scaffold that was never wired to any GC behavior. Operators who
+// reasonably typed `mla doctor --gc` expecting orphan cleanup got
+// nothing AND no diagnostic that the flag did nothing -- silent
+// documentation drift. Orphan `.jsonl.draining.*` recovery already
+// happens automatically inside flush.sh on every flush, so there is
+// no concrete GC operation that the doctor needs to perform.
+//
+// Removing the dead flag entirely is the honest fix. If a future
+// epoch designs a real GC operation, it can be added as a separate
+// subcommand (`mla doctor gc <args>`) with explicit semantics rather
+// than re-introducing the old half-finished shape.
+function assertNoArgs(argv) {
+    if (argv.length === 0)
+        return;
+    throw new Error(`\`mla doctor\` takes no arguments (got: ${argv.join(" ")}). The previous --gc flag was a no-op and has been removed.`);
+}
+function fmt(c) {
+    if (c.level === "info")
+        return `  ⓘ ${c.label}${c.detail ? `: ${c.detail}` : ""}`;
+    const mark = c.ok ? "✓" : "✗";
+    return `  ${mark} ${c.label}${c.detail ? ` (${c.detail})` : ""}`;
+}
+// The CI-gate exit contract: 1 when any non-info posture check is RED, else 0. The `level: "info"`
+// carve-out is load-bearing. The append-only accounting rows (historical fail-open count, deny-emission
+// backlog) report as info and must never fail the gate, because the ledger is append-only and one
+// transient install-time fail-open would otherwise pin every future `mla doctor` non-zero forever. A
+// genuine store fault (corrupt ce0, schema drift, busy_timeout drift, an inadmissible attested root) is
+// not info, so it drives a non-zero exit and a CI / script `$?` check catches the degraded store.
+// Pinned in doctor-exit-code.spec.ts.
+function doctorExitCode(checks) {
+    return checks.some((c) => c.level !== "info" && !c.ok) ? 1 : 0;
+}
+// Session-capture lifecycle status (folder = workspace, T3.3). DISTINCT from the
+// workspace-binding lifecycle (the `.meetless.json` marker): a folder can be
+// activated while THIS session is muted. `mla mute` writes a `<sid>.off` sentinel
+// into the session gate; `mla unmute` removes it. This reports whether the
+// current live Claude Code session is muted, reading the gate dir directly so the
+// check is a pure function of (sessionId, gateDir) and unit-pinned in
+// doctor-session-capture.spec.ts.
+//
+// Always informational: a muted session is a deliberate, valid state, never a
+// doctor failure (mirrors a dormant folder being info, not red). When there is no
+// live session id, capture status is per-session and cannot be reported.
+function sessionCaptureCheck(sessionId, gateDir) {
+    const sid = (sessionId || "").trim();
+    if (!sid) {
+        return {
+            ok: true,
+            level: "info",
+            label: "session capture: no live Claude Code session here (status is " +
+                "per-session; run `mla doctor` inside a session to see active / muted)",
+        };
+    }
+    const sid8 = sid.slice(0, 8);
+    const muted = fs.existsSync(path.join(gateDir, `${sid}.off`));
+    return {
+        ok: true,
+        level: "info",
+        label: muted
+            ? `session capture: MUTED for this session (${sid8}); run \`mla unmute\` to resume capture`
+            : `session capture: active for this session (${sid8})`,
+    };
+}
+// The four CE0 interception-store checks that gate the R1 notes-location deny pilot
+// (proposal §10.1 step 1(d)). Each is a pure function of an already-read value so it is
+// unit-pinned in doctor-ce0-schema.spec.ts, exactly like sessionCaptureCheck; the IO that
+// reads the pragmas and the settings layers lives in runDoctor below. A red row here means a
+// would-be deny would degrade to NONE at runtime, so doctor surfaces it before the pilot runs.
+// (1) The local interception schema is at the version this binary expects. A mismatch means a
+// stale or foreign database is open under the same path; the deny machinery must not run on it.
+function schemaVersionCheck(actual, expected) {
+    const ok = actual === expected;
+    return {
+        ok,
+        label: "CE0 interception schema version",
+        detail: ok
+            ? `user_version ${actual}`
+            : `user_version ${actual}, expected ${expected}; rebuild the CE0 store`,
+    };
+}
+// (2) WAL journal mode keeps a PreToolUse read from ever blocking on a concurrent writer.
+function walModeCheck(journalMode) {
+    const mode = (journalMode || "").toLowerCase();
+    const ok = mode === "wal";
+    return {
+        ok,
+        label: "CE0 store journal_mode = WAL",
+        detail: ok
+            ? undefined
+            : `journal_mode is ${journalMode || "unset"}; PreToolUse reads must not block on a writer`,
+    };
+}
+// (3) Foreign keys enforced so an evaluation row can never orphan its attempt or rule version.
+function foreignKeysCheck(foreignKeys) {
+    const ok = foreignKeys === 1;
+    return {
+        ok,
+        label: "CE0 store foreign_keys = ON",
+        detail: ok
+            ? undefined
+            : `foreign_keys is ${foreignKeys}; evaluation rows could orphan their attempt or version`,
+    };
+}
+// (3b) busy_timeout stays small so a contended read fails fast (P0.15). The PreToolUse subcommand
+// opens this store and reads it synchronously; if another process holds a write lock the read waits up
+// to busy_timeout before SQLITE_BUSY. With busy_timeout <= 50 ms a contended read degrades fast (the
+// seam's try/catch then fails open well inside the hook's wall-clock guard); a large value could
+// instead stall the hook until that guard fires. openCe0Store hardcodes 50; this guards that number
+// against drift, RED if it ever exceeds the ceiling. (The proposal's 500 ms hard-timeout figure is NOT
+// the implemented guard: the managed pre-tool-use.sh wrapper uses a 5 s `timeout`; see the dogfood
+// report's P0.15 latency section. We deliberately do not quote 500 ms here as if it were wired.)
+function busyTimeoutCheck(busyTimeoutMs) {
+    const ok = busyTimeoutMs >= 0 && busyTimeoutMs <= 50;
+    return {
+        ok,
+        label: "CE0 store busy_timeout <= 50ms",
+        detail: ok
+            ? `busy_timeout ${busyTimeoutMs}ms`
+            : `busy_timeout is ${busyTimeoutMs}ms; a lock-contended read could stall the hook past its wall-clock guard before it fails open`,
+    };
+}
+// (4) MLA is the sole effective PreToolUse Write/Edit input authority (P0.58). Anything else
+// (a foreign mutator, an unreadable layer, or no MLA hook at all) means a deny is not admissible.
+function managedPreToolUseHookCheck(resolution) {
+    if (resolution.kind === "MLA_SOLE_AUTHORITY") {
+        return {
+            ok: true,
+            label: "MLA is the sole effective PreToolUse Write/Edit authority",
+            detail: `input authority config ${resolution.configHash.slice(0, 12)}`,
+        };
+    }
+    return {
+        ok: false,
+        label: "MLA is the sole effective PreToolUse Write/Edit authority",
+        detail: `${resolution.reason}: ${resolution.detail}`,
+    };
+}
+// (4b) The attested forbidden root resolves against the active runtime root (P0.63). A deny is
+// admitted only when the path root resolves; if a LIVE rule is attested but its root will not resolve
+// (no attested content, or the active runtime root is unresolved), a would-be deny silently fails open,
+// so doctor goes RED. doctor passes the SAME resolveAttestedPathRoot result the enforce seam computes.
+function attestedPathRootCheck(admission) {
+    if (admission.admitted) {
+        return {
+            ok: true,
+            label: "attested forbidden path root resolves (deny admissible)",
+            detail: admission.forbiddenRoot,
+        };
+    }
+    return {
+        ok: false,
+        label: "attested forbidden path root resolves (deny admissible)",
+        detail: `${admission.reason}: a would-be deny would silently fail open`,
+    };
+}
+// (4c) Honest deny-emission accounting (P0.60). A committed deny is recorded BEFORE it is emitted, so a
+// crash in that window leaves a DECISION_RECORDED row that was never advanced to RESPONSE_EMITTED. That
+// is honest and recoverable, NEVER corruption, so this is informational and never RED; it only surfaces
+// the count so an operator can notice the hook recording denials it never emitted.
+function denyEmissionAccountingCheck(awaitingEmission) {
+    return {
+        ok: true,
+        level: "info",
+        label: awaitingEmission === 0
+            ? "deny-emission accounting clean (no decisions awaiting emission)"
+            : `${awaitingEmission} deny decision(s) recorded but not yet emitted (honest crash-window leftovers; recoverable, never lost)`,
+    };
+}
+// (4d) Historical fail-open visibility. deny-admission.ts promises that when a DENY-ceiling violation
+// cannot be denied (RULE_ENFORCEMENT_UNAVAILABLE, decision 5) the action passes, an alert fires, and the
+// operator can see it here. Unlike a stuck deny-emission, a fail-open is NOT recoverable: the prohibited
+// action already passed un-governed. But the rule_evaluation_record ledger is append-only and an
+// install-time transient fail-open must not pin `mla doctor` RED forever, so the count is surfaced as
+// info (the count IS the loud alert), never a permanent RED.
+function failOpenEnforcementCheck(failedOpen) {
+    return {
+        ok: true,
+        level: "info",
+        label: failedOpen === 0
+            ? "enforcement has never failed open (no deny-ceiling violation passed un-governed)"
+            : `${failedOpen} deny-ceiling violation(s) failed open (passed un-governed); enforcement was unavailable at decision time`,
+    };
+}
+// (5) The local SQLite authority is structurally sound (P0.15). A PreToolUse hook fails OPEN on an
+// invalid or unreadable local store, which silently takes enforcement DOWN, so P0.15 requires the
+// degraded store be "surfaced through mla doctor as a failure". The other ce0 reads only catch
+// corruption incidentally, when a query happens to touch a damaged page; this runs a deliberate
+// full-database PRAGMA quick_check so a corrupt authority is reported authoritatively. Unlike the
+// append-only accounting checks this is a LIVE infrastructure failure (enforcement is down right
+// now), so it is RED, never info.
+function ce0IntegrityCheck(quickCheckResult) {
+    const ok = quickCheckResult.trim().toLowerCase() === "ok";
+    if (ok) {
+        return { ok: true, label: "CE0 store integrity (PRAGMA quick_check)", detail: "ok" };
+    }
+    const summary = quickCheckResult.trim().slice(0, 200);
+    return {
+        ok: false,
+        label: "CE0 store integrity (PRAGMA quick_check)",
+        detail: `${summary}; the local SQLite authority is unreadable, enforcement is silently failing open`,
+    };
+}
+// Runs the deliberate full-database integrity scan behind ce0IntegrityCheck and returns "ok" when the
+// store is sound, otherwise the failure text. Severe corruption makes better-sqlite3 THROW rather than
+// return a row, so a throw is folded into the same failure string: either way the authority is unsound
+// and the pure check above goes RED.
+function ce0QuickCheckResult(store) {
+    try {
+        const rows = store.db.pragma("quick_check");
+        return rows.map((r) => String(Object.values(r)[0])).join("; ");
+    }
+    catch (e) {
+        return e.message;
+    }
+}
+// Newest mtime (ms) of any .ts file under `dir`, walked recursively. Used by
+// the build-freshness check to detect a dist/ that lags behind src/.
+function newestTsMtimeMs(dir) {
+    let newest = 0;
+    let entries;
+    try {
+        entries = fs.readdirSync(dir, { withFileTypes: true });
+    }
+    catch {
+        return newest;
+    }
+    for (const e of entries) {
+        const full = path.join(dir, e.name);
+        if (e.isDirectory()) {
+            newest = Math.max(newest, newestTsMtimeMs(full));
+        }
+        else if (e.isFile() && e.name.endsWith(".ts")) {
+            try {
+                newest = Math.max(newest, fs.statSync(full).mtimeMs);
+            }
+            catch {
+                // unreadable file: ignore
+            }
+        }
+    }
+    return newest;
+}
+// One-line, token-free description of the active credential path (§6.4). For a
+// user session it adds the display name and how much access-token runway is
+// left, so an operator debugging "why am I getting 401s" sees the mode AND
+// whether the access token is near expiry (the auto-refresh trigger).
+function describeAuthMode(auth) {
+    if (auth.mode === "none") {
+        return "none (not logged in; run `mla login`)";
+    }
+    if (auth.mode === "shared-key") {
+        return "shared-key (internal key; no user identity)";
+    }
+    const who = auth.user.displayName || auth.user.id;
+    const ms = Date.parse(auth.accessExpiresAt) - Date.now();
+    let runway;
+    if (Number.isNaN(ms)) {
+        runway = "expiry unknown";
+    }
+    else if (ms <= 0) {
+        // Access token expired. Auto-refresh fires on the next control call, but it
+        // is NOT guaranteed: if the refresh token was revoked or rotated away
+        // server-side, the refresh 401s and `mla login` is the only recovery. Do not
+        // promise a refresh that may not happen (the old "(will auto-refresh)" lie
+        // sent operators into a no-op loop). When the refresh window has also lapsed
+        // locally, say so plainly.
+        const refreshMs = Date.parse(auth.refreshExpiresAt) - Date.now();
+        runway =
+            !Number.isNaN(refreshMs) && refreshMs > 0
+                ? "access token expired (auto-refresh, else `mla login`)"
+                : "session expired; run `mla login`";
+    }
+    else {
+        const hours = Math.floor(ms / (60 * 60 * 1000));
+        runway = hours < 48 ? `access expires ~${hours}h` : `access expires ~${Math.floor(hours / 24)}d`;
+    }
+    return `user-token (${who}; ${runway})`;
+}
+async function runDoctor(argv) {
+    assertNoArgs(argv);
+    const checks = [];
+    let cfg = null;
+    try {
+        cfg = (0, config_1.readConfig)();
+        checks.push({ ok: true, label: "cli-config.json present", detail: cfg.controlUrl });
+        // §6.4: surface which credential path is active at a glance. Info-level (does
+        // not fail the doctor): all three modes are valid states. NEVER prints a
+        // token, only the mode and, for a user session, the display name + expiry.
+        checks.push({
+            ok: true,
+            label: "auth.mode",
+            detail: describeAuthMode(cfg.auth),
+            level: "info",
+        });
+    }
+    catch (e) {
+        checks.push({ ok: false, label: "cli-config.json present", detail: e.message });
+        console.log("Doctor:");
+        for (const c of checks)
+            console.log(fmt(c));
+        return 1;
+    }
+    // 1. control reachable
+    const health = await (0, http_1.ping)(cfg, "/internal/v1/health");
+    checks.push({
+        ok: health.ok,
+        label: "control reachable (GET /internal/v1/health)",
+        detail: health.ok ? cfg.controlUrl : health.error,
+    });
+    // Folder = workspace (T1.1): the workspace this directory is bound to comes
+    // from the nearest `.meetless.json` marker, never cli-config. doctor is a
+    // diagnostic that must run from any directory, so resolution is best-effort:
+    // null means "this folder is not activated" and the workspace-scoped probes
+    // (whoami, kb/health) report that instead of calling control with no id.
+    const markerWorkspaceId = (0, workspace_1.tryResolveWorkspaceId)();
+    // 2. whoami
+    //
+    // KB curation (proposal v2.3 §9.3, T39) extends this in two ways:
+    //
+    //   - When cli-config carries `actorUserId`, pass it on the query so the
+    //     control resolver verifies (workspaceId, actorUserId) is a member AND
+    //     has role OWNER. Owner-only is the v1 ACL (proposal §9 footnote #13);
+    //     no per-call --actor flag, no KB_CURATE scope yet.
+    //   - When `actorUserId` is missing, doctor still calls whoami (legacy
+    //     agent_review path stays green) but flags the missing field as RED so
+    //     the operator sees the gap before they try to run `mla kb ...`.
+    let whoami = null;
+    const actorUserId = (cfg.actorUserId || "").trim();
+    if (!actorUserId) {
+        checks.push({
+            ok: false,
+            label: "cli-config.actorUserId present",
+            detail: "missing. KB curation commands stamp this onto every outbox event. " +
+                "Re-run `mla init --actor <id>` or edit cli-config.json directly.",
+        });
+    }
+    if (health.ok && !markerWorkspaceId) {
+        checks.push({
+            ok: false,
+            label: "workspace activated (.meetless.json)",
+            detail: `no marker at or above ${process.cwd()}. whoami + KB probes need a ` +
+                "workspace binding; run `mla activate` here.",
+        });
+    }
+    if (health.ok && markerWorkspaceId) {
+        try {
+            const whoamiPath = actorUserId
+                ? `/internal/v1/whoami?workspaceId=${encodeURIComponent(markerWorkspaceId)}&actorUserId=${encodeURIComponent(actorUserId)}`
+                : `/internal/v1/whoami?workspaceId=${encodeURIComponent(markerWorkspaceId)}`;
+            whoami = await (0, http_1.get)(cfg, whoamiPath, 6000);
+            checks.push({ ok: true, label: `token valid + workspace resolves`, detail: whoami?.workspace?.slug ?? whoami?.workspace?.id });
+            checks.push({
+                ok: !!whoami?.actor,
+                label: "actor resolves (workspace member)",
+                detail: whoami?.actor?.displayName ?? whoami?.actor?.email,
+            });
+            // Owner-only ACL gate (§9.3). Fall back to actorIsMember when the
+            // server is the pre-§9.3 build that does not emit actorIsOwner so the
+            // doctor does not flap during the rollout.
+            if (actorUserId) {
+                const isOwner = typeof whoami?.actorIsOwner === "boolean"
+                    ? whoami.actorIsOwner
+                    : whoami?.actor?.role === "OWNER";
+                checks.push({
+                    ok: !!isOwner,
+                    label: "actor is workspace OWNER (KB curation §9.3)",
+                    detail: isOwner
+                        ? `role=${whoami?.actor?.role ?? "OWNER"}`
+                        : `role=${whoami?.actor?.role ?? "UNKNOWN"}; KB curation requires OWNER.`,
+                });
+            }
+            checks.push({
+                ok: !!whoami?.caseKindAgentReviewSeeded,
+                label: "CaseKind 'agent_review' seeded",
+            });
+        }
+        catch (e) {
+            const err = e;
+            checks.push({
+                ok: false,
+                label: "whoami (token + workspace + actor)",
+                detail: `HTTP ${err.status ?? "?"}: ${err.message.slice(0, 120)}`,
+            });
+        }
+    }
+    // 3. intel reachable
+    let intelReachable = false;
+    if (cfg.intelUrl) {
+        try {
+            const res = await fetch(`${cfg.intelUrl}/health`, { signal: AbortSignal.timeout(5000) });
+            intelReachable = res.ok;
+            checks.push({ ok: res.ok, label: "intel reachable (GET /health)", detail: cfg.intelUrl });
+        }
+        catch (e) {
+            checks.push({ ok: false, label: "intel reachable (GET /health)", detail: e.message });
+        }
+    }
+    // 3b. KB substrate health probe (proposal v2.3 §9.3, T39).
+    //
+    // GET /internal/v1/kb/health?workspaceId=<ws> returns
+    //   outboxConsumerLagSec (warn > 300s)
+    //   hardDeletePendingMaxAgeSec (warn > 86400s)
+    //   warnings: [...]
+    //
+    // Both surface as RED (not info) when the threshold trips: a lagging
+    // outbox means `mla kb show` audit-trails miss recent events; a stuck
+    // HARD_DELETE_PENDING doc means the phase-2 Weaviate-delete IntelJob is
+    // wedged and the doc body is half-purged. The endpoint is rolling out
+    // alongside the CLI; until the intel build with /kb/health lands, the
+    // doctor logs an info row instead of failing.
+    if (intelReachable && cfg.intelUrl && markerWorkspaceId) {
+        try {
+            const url = `${cfg.intelUrl}/internal/v1/kb/health?workspaceId=${encodeURIComponent(markerWorkspaceId)}`;
+            const res = await fetch(url, {
+                method: "GET",
+                headers: { Authorization: `Bearer ${cfg.controlToken}` },
+                signal: AbortSignal.timeout(8000),
+            });
+            if (res.status === 404) {
+                checks.push({
+                    ok: true,
+                    level: "info",
+                    label: "KB health probe: endpoint absent on this intel build (skipped)",
+                });
+            }
+            else if (!res.ok) {
+                checks.push({
+                    ok: false,
+                    label: "KB health probe (GET /internal/v1/kb/health)",
+                    detail: `HTTP ${res.status}`,
+                });
+            }
+            else {
+                const body = await res.json();
+                const lag = body?.outboxConsumerLagSec ?? null;
+                const pending = body?.hardDeletePendingCount ?? 0;
+                const pendingAge = body?.hardDeletePendingMaxAgeSec ?? null;
+                const warnings = Array.isArray(body?.warnings) ? body.warnings : [];
+                const lagOk = !warnings.some((w) => w.includes("outbox consumer lag"));
+                const pendingOk = !warnings.some((w) => w.includes("HARD_DELETE_PENDING"));
+                checks.push({
+                    ok: lagOk,
+                    label: "KB outbox consumer lag (warn > 5min)",
+                    detail: lag === null
+                        ? "no unconsumed KB outbox rows"
+                        : `${lag}s lag, ${body?.outboxUnconsumedCount ?? 0} unconsumed`,
+                });
+                checks.push({
+                    ok: pendingOk,
+                    label: "HARD_DELETE_PENDING age (warn > 24h)",
+                    detail: pending === 0
+                        ? "0 docs pending"
+                        : `${pending} doc(s) pending, oldest ${pendingAge ?? "?"}s`,
+                });
+            }
+        }
+        catch (e) {
+            checks.push({
+                ok: false,
+                label: "KB health probe (GET /internal/v1/kb/health)",
+                detail: e.message,
+            });
+        }
+    }
+    // 4. hooks registered in ~/.claude/settings.json
+    const settingsPath = path.join(os.homedir(), ".claude", "settings.json");
+    if (fs.existsSync(settingsPath)) {
+        try {
+            const s = JSON.parse(fs.readFileSync(settingsPath, "utf8"));
+            const installedCmds = new Set();
+            for (const ev of Object.keys(s.hooks ?? {})) {
+                for (const entry of s.hooks[ev] ?? []) {
+                    for (const h of entry.hooks ?? []) {
+                        if (h?.type === "command" && typeof h.command === "string")
+                            installedCmds.add(h.command);
+                    }
+                }
+            }
+            for (const ev of exports.REQUIRED_HOOK_EVENTS) {
+                const present = (s.hooks?.[ev] ?? []).length > 0;
+                checks.push({ ok: present, label: `hook event ${ev} registered` });
+            }
+            for (const ev of OPTIONAL_HOOK_EVENTS) {
+                const present = (s.hooks?.[ev] ?? []).length > 0;
+                checks.push({
+                    ok: true,
+                    label: `hook event ${ev}: ${present ? "ON" : "OFF (opt-out flag)"}`,
+                    level: "info",
+                });
+            }
+            void installedCmds;
+        }
+        catch (e) {
+            checks.push({ ok: false, label: "~/.claude/settings.json parseable", detail: e.message });
+        }
+    }
+    else {
+        checks.push({ ok: false, label: "~/.claude/settings.json present" });
+    }
+    // 5. /mla skill installed
+    const skillPath = path.join(os.homedir(), ".claude", "skills", "mla", "SKILL.md");
+    checks.push({ ok: fs.existsSync(skillPath), label: "/mla skill installed", detail: skillPath });
+    // 5b. Meetless MCP server registered for Claude Code.
+    //
+    // `mla init`/`mla rewire` write a user-scope server into ~/.claude.json
+    // (top-level mcpServers.meetless -> `mla mcp`, auto-loads with no approval
+    // prompt, scopes per-repo via CLAUDE_PROJECT_DIR). Without it the
+    // meetless__* tools never appear and the consult-governed-memory-first rule
+    // is unenforceable: a silent, invisible failure, so it earns a doctor check.
+    //
+    // The dogfood setup instead pins a project-scope `.mcp.json` (often above the
+    // git root, with a custom env block) -- a deliberate hand-rolled override, not
+    // drift. So if the user-scope entry is absent we walk up from cwd looking for
+    // a `.mcp.json` that registers the server before going RED, and only suggest
+    // `mla rewire` when neither path has it.
+    {
+        const hasServer = (obj) => {
+            const s = obj?.mcpServers?.[wire_1.MCP_SERVER_KEY];
+            return !!s && typeof s === "object" && typeof s.command === "string";
+        };
+        const claudeJsonPath = path.join(os.homedir(), ".claude.json");
+        let userScope = false;
+        if (fs.existsSync(claudeJsonPath)) {
+            try {
+                userScope = hasServer(JSON.parse(fs.readFileSync(claudeJsonPath, "utf8")));
+            }
+            catch {
+                // unparseable ~/.claude.json: treat as not-registered; the wire step
+                // reports the parse failure separately.
+                userScope = false;
+            }
+        }
+        if (userScope) {
+            checks.push({
+                ok: true,
+                label: "Meetless MCP server registered (user scope)",
+                detail: claudeJsonPath,
+            });
+        }
+        else {
+            // Walk up from cwd to the filesystem root, stopping if we pass home, and
+            // look for a project-scope `.mcp.json` that registers the server.
+            let projectMcp = null;
+            let dir = process.cwd();
+            const home = os.homedir();
+            for (;;) {
+                const candidate = path.join(dir, ".mcp.json");
+                if (fs.existsSync(candidate)) {
+                    try {
+                        if (hasServer(JSON.parse(fs.readFileSync(candidate, "utf8")))) {
+                            projectMcp = candidate;
+                            break;
+                        }
+                    }
+                    catch {
+                        // ignore an unparseable .mcp.json and keep walking up
+                    }
+                }
+                const parent = path.dirname(dir);
+                if (parent === dir || dir === home)
+                    break;
+                dir = parent;
+            }
+            if (projectMcp) {
+                checks.push({
+                    ok: true,
+                    label: "Meetless MCP server registered (project scope)",
+                    detail: projectMcp,
+                    level: "info",
+                });
+            }
+            else {
+                checks.push({
+                    ok: false,
+                    label: "Meetless MCP server registered",
+                    detail: `not found in ${claudeJsonPath}; run \`mla rewire\` then restart Claude Code`,
+                });
+            }
+        }
+    }
+    // 6. mlaPath resolves + executable
+    let mlaExec = false;
+    try {
+        fs.accessSync(cfg.mlaPath, fs.constants.X_OK);
+        mlaExec = true;
+    }
+    catch {
+        mlaExec = false;
+    }
+    checks.push({ ok: mlaExec, label: "mlaPath resolves + executable", detail: cfg.mlaPath });
+    // 6b. build freshness (stale-dist footgun).
+    //
+    // The mla binary runs from dist/cli.js. If a source change landed in src/
+    // but `pnpm build` was not re-run, the binary silently executes stale
+    // compiled code: the exact footgun behind "I changed it but mla still does
+    // the old thing", which historically burned real debugging time because
+    // `mla --version` reported a frozen string that never moved across builds.
+    // doctor.js runs from dist/commands/, so dist/cli.js is one level up and src/
+    // is two levels up. Compare the compiled cli.js mtime against the newest
+    // src/*.ts mtime; RED when dist lags. Skipped (info) when src/ is absent (a
+    // published install ships only dist/).
+    {
+        const distCli = path.join(__dirname, "..", "cli.js");
+        const srcDir = path.join(__dirname, "..", "..", "src");
+        if (!fs.existsSync(srcDir)) {
+            checks.push({
+                ok: true,
+                level: "info",
+                label: "build freshness: src/ absent (published install), not checked",
+            });
+        }
+        else {
+            let distMs = 0;
+            try {
+                distMs = fs.statSync(distCli).mtimeMs;
+            }
+            catch {
+                distMs = 0;
+            }
+            const srcMs = newestTsMtimeMs(srcDir);
+            const stale = distMs === 0 || srcMs > distMs;
+            let freshDetail = distMs ? `built ${new Date(distMs).toISOString()}` : "dist/cli.js missing";
+            try {
+                const bi = JSON.parse(fs.readFileSync(path.join(__dirname, "..", "build-info.json"), "utf8"));
+                freshDetail = `${bi.sha ?? "?"}${bi.dirty ? "-dirty" : ""}, built ${bi.builtAt ?? freshDetail}`;
+            }
+            catch {
+                // no build-info.json (pre-stamp build): fall back to dist mtime detail
+            }
+            checks.push({
+                ok: !stale,
+                label: "build fresh (dist newer than src)",
+                detail: stale
+                    ? `STALE; run \`pnpm build\` in meetless-cli/packages/cli (newest src ${new Date(srcMs).toISOString()} > dist ${distMs ? new Date(distMs).toISOString() : "missing"})`
+                    : freshDetail,
+            });
+        }
+    }
+    // 7a. flock present in PATH. flush.sh + common.sh use `flock -n 9` for
+    // hook concurrency; macOS does not ship it. If flock is missing the hook
+    // pipeline silently no-ops (`|| exit 0` after the failed flock call), so
+    // events queue forever and never reach control. `brew install flock`.
+    let flockPath = null;
+    try {
+        flockPath = (0, child_process_1.execSync)("command -v flock", { encoding: "utf8" }).trim() || null;
+    }
+    catch {
+        flockPath = null;
+    }
+    checks.push({
+        ok: !!flockPath,
+        label: "flock available on PATH (hook concurrency primitive)",
+        detail: flockPath ?? "missing. Run `brew install flock` (macOS) or `apt-get install util-linux` (Linux).",
+    });
+    // 7b. hook scripts present + executable
+    for (const f of exports.REQUIRED_HOOKS) {
+        const p = path.join(config_1.HOOKS_DIR, f);
+        const ok = fs.existsSync(p);
+        let exec = false;
+        if (ok) {
+            try {
+                fs.accessSync(p, fs.constants.X_OK);
+                exec = true;
+            }
+            catch {
+                exec = false;
+            }
+        }
+        checks.push({ ok: ok && (f.endsWith(".sh") ? exec : true), label: `hook script ${f} installed`, detail: p });
+    }
+    for (const f of exports.OPTIONAL_HOOKS) {
+        const p = path.join(config_1.HOOKS_DIR, f);
+        const present = fs.existsSync(p);
+        checks.push({
+            ok: true,
+            label: `hook script ${f}: ${present ? "present" : "skipped (--no-post-tool-use)"}`,
+            level: "info",
+        });
+    }
+    // 7c. hook content-drift check (generic byte comparison vs shipped template).
+    //
+    // Compares every installed hook in ~/.meetless/hooks/ against the template
+    // THIS binary would install (the exact bytes `mla rewire` copies). Any
+    // difference means the operator upgraded the binary but never re-ran
+    // `mla rewire`, so the live hooks lag the code.
+    //
+    // This REPLACES the old per-file marker-substring scan (Epoch 27/35), which
+    // only covered flush.sh + session-start.sh and silently missed edits to
+    // common.sh / user-prompt-submit.sh -- exactly the gap that let the
+    // 2026-05-31 turn_index fix ship in the binary while the installed hooks
+    // kept writing `turn_index: null` under a GREEN doctor. Byte comparison
+    // covers all seven hook files for free and needs no per-edit maintenance.
+    // Missing files are NOT drift: presence is reported by the per-hook checks
+    // above, and a legit opt-out (post-tool-use.sh under --no-post-tool-use)
+    // would otherwise false-positive.
+    try {
+        const drift = (0, wire_1.checkHookDrift)();
+        const stale = drift.drifted;
+        checks.push({
+            ok: stale.length === 0,
+            label: stale.length === 0
+                ? "hook scripts match shipped templates"
+                : `hook scripts stale: ${stale.join(", ")}`,
+            detail: stale.length === 0
+                ? undefined
+                : "installed copy differs from this binary's template; run `mla rewire` to refresh",
+        });
+        for (const e of drift.errors) {
+            checks.push({
+                ok: false,
+                label: `hook drift check: ${e.file}`,
+                detail: e.error,
+            });
+        }
+    }
+    catch (e) {
+        // Template dir not found (published install lacking dist/hooks-template).
+        // Not a failure of the operator's wiring; surface as info, not red.
+        checks.push({
+            ok: true,
+            level: "info",
+            label: `hook drift check skipped (template not found): ${e.message}`,
+        });
+    }
+    // 8. queue depth
+    const qd = (0, spool_1.queueDepth)();
+    checks.push({
+        ok: true,
+        level: "info",
+        label: `queue depth: ${qd.sessions} active sessions, ${qd.events} events, ${qd.orphans} orphan snapshots, oldest age ${qd.oldestAgeSec ?? "n/a"}s`,
+    });
+    // 8b. stale-session debt (read-only). queueDepth() counts every `.jsonl` and
+    // draining snapshot as an "active session", but a session that drained its
+    // events and never cleanly finalized leaves behind a 0-byte spool plus
+    // `.lock`/`.turn`/`.repoPath`/`.gitBaseline` sidecars that NOTHING in the hook
+    // pipeline ever removes -- so "active sessions" inflates without bound (the
+    // phantom count this surfaces). reapQueue({dryRun}) counts what `mla flush
+    // --gc` WOULD remove without touching disk (doctor must never mutate). It only
+    // ever counts sessions with zero undelivered work and idle past the age gate,
+    // so a non-zero number here is always safe to reap.
+    const debt = (0, spool_1.reapQueue)({ dryRun: true });
+    if (debt.reaped.length > 0) {
+        checks.push({
+            ok: true,
+            level: "info",
+            label: `stale-session debt: ${debt.reaped.length} reapable session(s), ${debt.removedFiles} dead file(s) idle > 24h. Run \`mla flush --gc\` to clear.`,
+        });
+    }
+    // 9. per-folder activation (opt-in capture gate). Informational: a dormant
+    // folder is a valid state, not a failure. Walk up from the cwd where the
+    // operator invoked `mla doctor` (the same walk the bash gate does from a
+    // hook's $PWD). When found, surface the marker path and the resolved
+    // workspace so the operator can confirm THIS folder will actually capture.
+    const activation = (0, activation_1.findActivation)(process.cwd());
+    if (activation) {
+        // Folder = workspace (T1.1): the marker IS the source of the workspace for
+        // both capture and the CLI. A marker with no usable workspaceId is a stale
+        // binding the operator must repair with `mla activate`.
+        const wsDetail = activation.workspaceId
+            ? `workspace ${activation.workspaceId}` +
+                (activation.workspaceName ? ` (${activation.workspaceName})` : "")
+            : "marker present but workspaceId missing; re-run `mla activate` to repair";
+        checks.push({
+            ok: !!activation.workspaceId,
+            level: activation.workspaceId ? "info" : undefined,
+            label: `folder activated: ${activation.path} -> ${wsDetail}`,
+        });
+        if (activation.parseError) {
+            checks.push({
+                ok: false,
+                label: `  marker JSON unparseable (${activation.parseError.slice(0, 80)}); re-run \`mla activate\` to repair the binding`,
+            });
+        }
+    }
+    else {
+        checks.push({
+            ok: true,
+            level: "info",
+            label: `folder NOT activated (no .meetless.json at or above ${process.cwd()}). Run \`mla activate\` here to capture sessions.`,
+        });
+    }
+    // 10. session capture (mute / unmute). Reported DISTINCTLY from the
+    // workspace-binding lifecycle above: activation is about the folder, capture
+    // is about THIS session. A folder can be activated while this session is muted.
+    checks.push(sessionCaptureCheck(process.env.CLAUDE_CODE_SESSION_ID, config_1.SESSION_GATE_DIR));
+    // 11. CE0 interception store posture + the three deny-enablement gates (R1 deny-admission
+    // preconditions, §10.1 step 1(d)).
+    //
+    // The store posture gates the notes-location deny pilot: the local interception schema is at the
+    // version this binary expects, and the CE0 store is in WAL with foreign keys enforced (so a
+    // PreToolUse read never blocks on a writer and an evaluation row can never orphan its attempt or
+    // rule version). On top of posture, the three deny-enablement gates report whether a would-be deny
+    // is admissible right now: P0.58 (MLA is the sole effective PreToolUse Write/Edit authority), P0.63
+    // (the active scope's attested forbidden root resolves), and P0.60 (denies are honestly accounted,
+    // none stuck recorded-but-unemitted). The store is created on the first intercepted tool call, so
+    // its absence is informational, not red; P0.58 always runs because admissibility never depends on
+    // any row existing yet, while P0.63/P0.60 read the store and so run only once it exists.
+    {
+        const ce0Path = (0, evidence_1.defaultCe0StorePath)();
+        if (fs.existsSync(ce0Path)) {
+            let ce0;
+            try {
+                ce0 = (0, ce0_store_1.openCe0Store)(ce0Path);
+                // P0.15: a deliberate full-database integrity scan FIRST. If the local SQLite authority is
+                // corrupt the PreToolUse hook silently fails open, so doctor must surface that RED before
+                // reading anything else; the version/wal/fk/accounting/path-root reads below are meaningless
+                // on an unsound store, so they only run once integrity holds.
+                const integrity = ce0IntegrityCheck(ce0QuickCheckResult(ce0));
+                checks.push(integrity);
+                if (integrity.ok) {
+                    const version = ce0.db.pragma("user_version", { simple: true });
+                    const journalMode = ce0.db.pragma("journal_mode", { simple: true });
+                    const foreignKeys = ce0.db.pragma("foreign_keys", { simple: true });
+                    const busyTimeout = ce0.db.pragma("busy_timeout", { simple: true });
+                    checks.push(schemaVersionCheck(version, interception_schema_1.CE0_INTERCEPTION_SCHEMA_VERSION));
+                    checks.push(walModeCheck(journalMode));
+                    checks.push(foreignKeysCheck(foreignKeys));
+                    checks.push(busyTimeoutCheck(busyTimeout));
+                    // P0.60: honest deny-emission accounting (never RED, just surfaces the count).
+                    checks.push(denyEmissionAccountingCheck((0, interception_store_1.countDenyDecisionsAwaitingEmission)(ce0)));
+                    // Historical fail-open visibility: any DENY-ceiling violation that ever passed un-governed
+                    // (RULE_ENFORCEMENT_UNAVAILABLE, decision 5). Info, not RED: the append-only ledger must not
+                    // pin doctor RED forever, so the count itself is the loud alert deny-admission.ts promises.
+                    checks.push(failOpenEnforcementCheck((0, interception_store_1.countFailOpenEnforcementViolations)(ce0)));
+                    // P0.63: the attested forbidden root resolves for the active scope. Mirror the enforce seam:
+                    // read the active scope's LIVE notes-location version, and if one is attested, resolve its
+                    // forbidden root against the active runtime root exactly as the seam would at a would-be deny.
+                    // With no LIVE version the path-root gate is simply inactive (informational, not red).
+                    const runtimeRoot = (0, runtime_scope_1.resolveActiveRuntimeScopeId)();
+                    const liveVersion = (0, local_rule_version_repo_1.getLiveLocalRuleVersion)(ce0, runtimeRoot, attest_notes_location_1.NOTES_LOCATION_RULE_ID);
+                    if (liveVersion) {
+                        const payload = JSON.parse(liveVersion.rulePayload);
+                        checks.push(attestedPathRootCheck((0, deny_admission_1.resolveAttestedPathRoot)({
+                            configuredRelativeForbiddenPath: payload.compliance.config.forbiddenRootRelativePath,
+                            activeRuntimeProjectRoot: runtimeRoot,
+                        })));
+                    }
+                    else {
+                        checks.push({
+                            ok: true,
+                            level: "info",
+                            label: `no LIVE notes-location rule attested in this scope (${runtimeRoot}); path-root gate inactive`,
+                        });
+                    }
+                }
+            }
+            catch (e) {
+                checks.push({ ok: false, label: "CE0 interception store posture", detail: e.message });
+            }
+            finally {
+                if (ce0)
+                    (0, ce0_store_1.closeCe0Store)(ce0);
+            }
+        }
+        else {
+            checks.push({
+                ok: true,
+                level: "info",
+                label: `CE0 interception store not yet created (${ce0Path}); posture checks run after the first intercepted tool call`,
+            });
+        }
+        checks.push(managedPreToolUseHookCheck((0, live_input_authority_1.resolveLiveInputAuthority)()));
+    }
+    console.log("Doctor:");
+    for (const c of checks)
+        console.log(fmt(c));
+    const code = doctorExitCode(checks);
+    if (code !== 0) {
+        console.error("\nDoctor RED. Fix the failing rows before dogfooding.");
+        return code;
+    }
+    console.log("\nDoctor GREEN.");
+    return 0;
+}