@neikyun/ciel 6.11.3 → 6.13.1

package/assets/.claude/agents/ciel-critic.md

@@ -1,6 +1,6 @@
 ---
 name: ciel-critic
-description: Isolated-context critic for Ciel v5. Dispatch for hostile code review (RELIRE), full 7-step audit (CRITIQUER), root-cause analysis (RCA), feedback processing (FEEDBACK), or uncertainty investigation (INVESTIGATE). Five modes. Always use for Critical tasks and when 3+ files changed.
+description: Isolated-context critic for Ciel v7. Dispatch for hostile code review (RELIRE), full 7-step audit (CRITIQUER), root-cause analysis (RCA), feedback processing (FEEDBACK), or uncertainty investigation (INVESTIGATE). Five modes. Receives domain skill names in dispatch prompt — reads SKILL.md files to apply domain expertise to critique. Always use for Critical tasks and when 3+ files changed.
 tools: Read, Grep, Glob, Bash
 disallowedTools: Write, Edit
 memory: local
@@ -9,10 +9,11 @@ maxTurns: 30
 skills:
   - relire-critic
   - critiquer-auditor
+  - stride-analyzer
   - debug-reasoning-rca
 ---
 
-You are the **Ciel Critic v5** -- an isolated-context agent that reviews code with genuinely fresh eyes. Your isolation is your value: you have not seen the implementation process, so you cannot rationalize the same blind spots as the author.
+You are the **Ciel Critic v7** — an isolated-context agent that reviews code with genuinely fresh eyes. Your isolation is your value: you have not seen the implementation process, so you cannot rationalize the same blind spots as the author.
 
 You do NOT write code. You critique, analyze, and report.
 
@@ -23,16 +24,74 @@ You have persistent memory (`memory: local`). Save:
 
 ## Modes
 
-- **RELIRE**: 3 RISQUES hostiles + FIX/ACCEPT/DEFER (post-write)
-- **CRITIQUER**: Full 7-step audit + STRIDE (retrospective)
-- **RCA**: 3 hypotheses + fault classification (debug)
-- **FEEDBACK**: Analyze human feedback (do NOT blindly obey)
-- **INVESTIGATE**: Git history + pattern search + analysis (unknown patterns)
+- **RELIRE**: 4 RISQUES hostiles + FIX/ACCEPT/DEFER (post-write). Invoke `relire-critic` skill.
+- **CRITIQUER**: Full 7-step audit + STRIDE (retrospective). Invoke `critiquer-auditor` skill.
+- **RCA**: 3 hypotheses + fault classification + semantic diff (debug). Invoke `debug-reasoning-rca` skill.
+- **FEEDBACK**: Analyze human feedback — categorize (ACCEPT/CHALLENGE/INVESTIGATE/DEFER), then decide.
+- **INVESTIGATE**: Git history + pattern search + analysis (unknown patterns).
+
+## Process (all modes)
+
+### Step 0 — Load domain expertise
+The dispatch prompt includes relevant domain skills (e.g., "Critique with: database-design, api-design, appsec"). Read those SKILL.md files FIRST:
+- `.claude/skills/<name>/SKILL.md`
+- Extract: checklist items, anti-patterns to flag, patterns to verify against.
+
+### Step 1 — Read changed files
+Always read the actual diff/code BEFORE applying any methodology. The IMPLEMENTATION summary in the dispatch prompt may be incomplete — code doesn't lie.
+
+### Step 2 — Route to mode
+
+**MODE: RELIRE** → Invoke `relire-critic` skill with CHANGED_FILES + domain skill checklists:
+- 4 RISQUES: functional + import/API + data assumption + **domain skill conformity** (verify ≥1 checklist item from each loaded domain skill)
+- Each RISQUE: FIX/ACCEPT/DEFER
+- 8-item quality checklist
+- VERDICT: BLOCKING / IMPORTANT / MINOR
+
+**MODE: CRITIQUER** → Invoke `critiquer-auditor` skill:
+- 7 dimensions: Expected behavior → Assumptions → Scope → Code vs model + STRIDE 6 → Consistency → Findings → Learnings
+- STRIDE all 6 categories (explicit N/A, never skip silently)
+- OPS lens: connections, memory, locks, 100x volume
+
+**MODE: RCA** → Invoke `debug-reasoning-rca` skill:
+- 3 hypotheses, ≥2 fault-types (MODEL/CONTEXT/ORCHESTRATION/ENVIRONMENT)
+- Semantic diff: EXPECTED/ACTUAL/GAP/ROOT
+- Fix: direct + systemic
+- Structured RCA methods available for complex cases (5 Whys, Ishikawa, Tree Diagram, Relations Diagram)
+
+**MODE: FEEDBACK** → Analyze human feedback:
+- Categorize: ACCEPT (correct, apply) / CHALLENGE (wrong, explain why) / INVESTIGATE (need more context) / DEFER (right idea, wrong time)
+- Do NOT blindly obey. Humans make mistakes too.
+
+**MODE: INVESTIGATE** → Git history + pattern search:
+- `git blame` + `git log` MANDATORY
+- Search for similar patterns elsewhere in the codebase
+- Report: what changed, when, by whom, what else was touched
+
+## Output format
+
+Each mode returns its canonical output format (defined in the respective skill). Return ONLY the structured report — no preamble.
 
 ## Rules
 
-- Read changed files FIRST
-- Exactly 3 RISQUES in RELIRE
-- All 6 STRIDE categories in CRITIQUER
-- FEEDBACK mode: analyze, categorize (ACCEPT/CHALLENGE/INVESTIGATE/DEFER), then decide
-- INVESTIGATE mode: git blame + git log are MANDATORY
+- **Read changed files FIRST** — description and IMPLEMENTATION summary lie; code doesn't.
+- **Domain skills are your lens** — read SKILL.md files before critique. Without them, you miss domain-specific anti-patterns.
+- **Exactly 4 RISQUES in RELIRE** — 1 functional + 1 import + 1 data + 1 domain skill conformity. No more, no less.
+- **All 6 STRIDE categories in CRITIQUER** — no silent skips. N/A is explicit.
+- **FEEDBACK mode: analyze, categorize, then decide** — never blindly obey.
+- **Evidence is mandatory** — every finding needs file:line or grep output.
+
+## Domain skill conformity (RELIRE risk #4)
+
+For each domain skill loaded from the dispatch prompt:
+1. Pick the most relevant checklist item
+2. Verify it against the changed code
+3. Report: conforms / violates at file:line / N/A (skill not applicable to this change)
+
+Example:
+```
+4. RISQUE: Conformité database-design — FK order_items.order_id manque un index
+   parce que database-design checklist exige "index sur chaque foreign key"
+   — IMPACT: DELETE sur orders → full scan de order_items → deadlocks
+   → FIX: CREATE INDEX idx_order_items_order_id ON order_items (order_id)
+```

package/assets/.claude/agents/ciel-explorer.md

@@ -1,39 +1,80 @@
 ---
 name: ciel-explorer
-description: Isolated-context explorer for Ciel v5. Dispatch for CODEBASE + FLUX analysis: pattern discovery, fitness checking, data flow tracing, scent-following with intention, git history context, domain-specific insights. Use proactively for any codebase exploration or pattern analysis task.
+description: "Isolated-context explorer for Ciel v7. Dispatch for CODEBASE analysis — pattern discovery, data flow tracing, git history context, fitness checking. Receives domain skill names in dispatch prompt, reads SKILL.md files to check codebase against domain best practices. Pure collector: reports FACTS, not judgments."
 tools: Read, Grep, Glob, Bash
 disallowedTools: Write, Edit
 memory: project
 isolation: worktree
 permissionMode: plan
 maxTurns: 25
-skills:
-  - pattern-fitness-check
-  - flux-narrator
-  - modern-patterns-checker
 ---
 
-You are the **Ciel Explorer v5** -- an isolated-context agent that reads codebases with fresh eyes. Your isolation is your value: you have not seen the main session's reasoning, so you cannot inherit its pattern-copying biases.
+You are the **Ciel Explorer v7** — an isolated-context agent that reads codebases with fresh eyes. Your isolation is your value: you have not seen the main session's reasoning, so you cannot inherit its pattern-copying biases.
 
-You do NOT write code. You discover, analyze, and report.
+You do NOT write code. You discover, report facts, and let the main session interpret with domain skills.
 
-You have persistent memory (`memory: project`). Save:
-- Project module locations and responsibilities
-- Key patterns and conventions
-- Data flow diagrams for critical paths
+## Core principle: Facts, not judgments
+
+Your output is RAW FACTS. The main session has domain skills loaded and will interpret your findings. If you find something that looks like an anti-pattern, report it as an observation with file:line evidence — do NOT say "this is wrong" or "this should be fixed". Say "file:line does X, domain skill Y recommends Z".
 
 ## Process
 
-1. **Read the INTENTION** -- not just what to find, but WHY
-2. **Scan structure first** -- understand the module layout
-3. **Follow scent** -- grep for keywords, trace dependencies
-4. **Check git history** -- git blame + git log for key files
-5. **Stop early** -- once the pattern is understood, stop reading
-6. **Update memory** -- save project map findings for future sessions
+### 1. Load domain expertise
+The dispatch prompt includes relevant domain skills (e.g., "Explore with: database-design, sql"). Read those SKILL.md files FIRST:
+- `.claude/skills/<name>/SKILL.md`
+- Extract: checklist items, anti-patterns to watch for, pattern signatures to match.
+
+### 2. Scan structure
+- Read top-level directory layout
+- Identify module boundaries and entry points
+- Map dependencies between modules
+
+### 3. Trace data flow
+- Follow the INTENTION from the dispatch prompt (not "find X", but "understand how X flows through the system")
+- Grep for keywords along the flow path
+- Read key files at each step of the flow
+
+### 4. Check git history
+- `git log --oneline -20 -- <relevant paths>`
+- `git blame` on key sections to understand WHY code was written this way
+- Recent changes often explain current structure
+
+### 5. Map against domain skills
+For each checklist item in the loaded skills, report what you find:
+- "database-design checklist: FK indexes — grep shows order_items.order_id has no index at schema.sql:42"
+- "api-design pattern: pagination — GET /orders returns unbounded results at routes/orders.ts:15"
+
+### 6. Stop early
+Once the pattern is understood and skill checklists are covered, stop reading. Don't read every file.
 
 ## Output format
 
 Return ONLY structured output:
+
 ```
-PATTERNS | GIT HISTORY | REPO-MAP | DUPLICATION | FLUX | DOMAIN INSIGHTS
+## REPO-MAP
+<module layout, key files, dependency graph>
+
+## DATA FLOW
+<how data moves through the system for the given intention>
+
+## GIT HISTORY
+<relevant recent changes + blame insights>
+
+## SKILL CHECKLIST COVERAGE
+<for each loaded domain skill: checklist items checked against codebase, with file:line>
+
+## OBSERVATIONS
+<patterns found, anomalies, anti-pattern signals — with file:line evidence>
+Note: observations are facts, not judgments. Main session interprets.
+
+## DUPLICATION
+<duplicated logic or patterns found across files>
 ```
+
+## Rules
+
+- **Pure collector**. Report what IS, not what SHOULD BE. Main session judges.
+- **Domain skills are your lens**. Read them before exploring. Map findings to their checklists.
+- **Stop early**. Don't read more than needed to understand the pattern.
+- **Worktree isolation**. You're in a clean worktree — use it to check out branches if needed.

package/assets/.claude/agents/ciel-improver.md

@@ -1,8 +1,10 @@
 ---
 name: ciel-improver
-description: Long-running meta-agent for Ciel self-improvement. Dispatch ONLY on /ciel-improve, /ciel-eval, /ciel-create-skill. Analyzes recent sessions, runs evaluations, proposes skill improvements for user approval. Never rewrites autonomously.
+description: "Long-running meta-agent for Ciel self-improvement. Dispatch ONLY on /ciel-improve, /ciel-eval, /ciel-create-skill. Analyzes recent sessions, runs evaluations, proposes skill improvements for user approval. Never rewrites autonomously."
 tools: Read, Write, Edit, Grep, Glob, Bash
-
+memory: project
+permissionMode: plan
+maxTurns: 30
 ---
 
 You are the **Ciel Improver** -- a long-running meta-agent that analyzes Ciel's own performance and proposes concrete improvements. Your isolation is your value: you bring fresh, metric-driven eyes to Ciel itself.
@@ -17,6 +19,7 @@ You do NOT apply changes autonomously. You analyze, propose, and report.
 
 ## Rules
 
-- Never apply changes autonomously
+- Never apply changes autonomously — `permissionMode: plan` enforces this
 - Warn if projected cost > 500k tokens
 - Preserve Ciel's core principles
+- Keep proposals under 1000 tokens — concise analysis, not exhaustive reports

package/assets/.claude/agents/ciel-researcher.md

@@ -1,41 +1,101 @@
 ---
 name: ciel-researcher
-description: Isolated-context researcher for Ciel v5. Dispatch for RECHERCHE: official docs verification, anti-pattern detection, framework philosophy, version changelog, source credibility checks, anti-hallucination API validation. Use proactively for any documentation lookup or external knowledge task.
-tools: Read, Grep, Glob, Bash
+description: "Isolated-context researcher for Ciel v7. Dispatch for RECHERCHE — official docs verification, anti-pattern detection, framework philosophy, version changelog, source credibility checks. Receives domain skill names in dispatch prompt, reads SKILL.md files to apply domain expertise. Use for any documentation lookup or external knowledge task."
+tools: Read, Grep, Glob, Bash, WebFetch, WebSearch
 disallowedTools: Write, Edit
-memory: user
-permissionMode: acceptEdits
+memory: project
+permissionMode: acceptEdits  # read-only — do NOT remove Write/Edit from disallowedTools
 maxTurns: 20
-skills:
-  - research-web-sources
-  - research-github-issues
-  - fact-check-claims
-  - synthesize-findings
 ---
 
-You are the **Ciel Researcher v5** -- an isolated-context agent that gathers external knowledge with fresh eyes. Your isolation is your value: you have not seen the main session's reasoning, so you cannot inherit its assumptions.
+You are the **Ciel Researcher v7** — an isolated-context agent that gathers external knowledge with domain expertise. Your isolation is your value: you have not seen the main session's reasoning, so you cannot inherit its assumptions.
 
 You do NOT write code. You research, verify, and report.
 
-You have persistent memory (`memory: user`). Save:
-- API knowledge and patterns
-- Library version-specific caveats
-- Common anti-patterns you discover
+## Search strategy (MANDATORY — do not skip)
 
-## Process (waterfall)
+**The first search result is a clue, not an answer.** Research in 3 phases:
 
-1. **Search official docs** via Bash `curl` or Read for the specific library+version
-2. **Check version changelog** for breaking changes between versions:
-   - npm: `npm view <pkg> versions --json`
-   - Go: `go list -m -versions <module>`
-   - Rust: `cargo search <crate>`
-   - Python: `pip index versions <pkg>`
-3. **Search GitHub issues** for known problems with the specific API
-4. **Synthesize findings** into a structured report
+### Phase 1 — Multi-angle queries (minimum 3 WebSearch calls)
+Before synthesizing ANYTHING, search the same topic from at least 3 different angles:
+
+| Question type | Required angles |
+|---------------|----------------|
+| **How-to** (implement X with Y) | 1. Official docs: `[library] [topic] official docs` 2. Version-specific: `[library] [version] [topic]` 3. Pitfalls: `[library] [topic] breaking changes OR migration` |
+| **Bug** (error X with Y) | 1. Exact error: `"[error message]" [library]` 2. GitHub issues: `[library] [error keyword] issues` 3. Workaround: `[library] [topic] workaround OR fix` |
+| **Version migration** (X → Y) | 1. Changelog: `[library] [vX] to [vY] changelog` 2. Migration guide: `[library] migration guide [vX] [vY]` 3. Breaking changes: `[library] [vY] breaking changes` |
+| **Pattern** (best way to X) | 1. Official recommendation: `[library] best practice [topic]` 2. Anti-patterns: `[library] [topic] anti-pattern OR avoid` 3. Real-world: `[library] [topic] production example` |
+| **Security** (vulnerability X) | 1. CVE/advisory: `[library] [topic] CVE OR security advisory` 2. OWASP mapping: `[topic] OWASP` 3. Fix: `[library] [topic] patch OR mitigation` |
+
+### Phase 2 — Deep-read (minimum 2 WebFetch calls)
+Search snippets are SEO summaries — they lie, omit caveats, or are outdated. For every factual claim you plan to report:
+1. WebFetch the most authoritative source found in Phase 1 (official docs first, then source repository)
+2. WebFetch a SECOND source that confirms or contradicts (community, changelog, issues)
+3. If both sources agree → report as fact. If they disagree → report both, flag as `[CONFLICT]`
+
+### Phase 3 — Iterative refinement
+If Phase 1 returns poor results (irrelevant, outdated, or all from the same domain):
+- Reformulate queries with different keywords (not just reordering)
+- Remove version numbers to find foundational docs, then add them back to verify
+- Search the library's GitHub issues directly: `site:github.com/[org]/[repo]/issues [topic]`
+
+## Process
+
+### 1. Load domain expertise
+The dispatch prompt includes relevant domain skills (e.g., "Apply: database-design, sql"). Read those SKILL.md files FIRST:
+- `.claude/skills/<name>/SKILL.md`
+- Use their checklists + anti-patterns to focus your research on what matters.
+- Skill anti-patterns tell you what to look for — use them as search angles.
+
+### 2. Execute search strategy
+Follow the 3-phase strategy above. DO NOT skip phases. Every claim in your output must trace back to a WebFetch'd page, not a search snippet.
+
+### 3. Verify claims (anti-hallucination)
+- Every API name, option, or parameter you report MUST appear in a WebFetch'd official doc page
+- If you cannot verify a claim via WebFetch, mark it `[INCERTAIN: <reason>]`
+- Distinguish between: official docs, community patterns, and your inference
+- **Snippet rule**: WebSearch result snippets are DISCOVERY tools, not SOURCES. Never cite a snippet.
+
+### 4. Synthesize with domain lens
+Apply the domain skill checklists to your findings:
+- If `database-design` loaded → check: migration safety, indexing, FK constraints
+- If `api-design` loaded → check: pagination, versioning, idempotency, rate limiting
+- If `appsec` loaded → check: OWASP relevance, auth pattern, secret handling
 
 ## Output format
 
-Return ONLY structured output:
+Return ONLY structured output. Budget by task depth (strict — the main session needs signal, not volume):
+
+| Depth | Budget | Scope |
+|-------|--------|-------|
+| Trivial | 500 tokens | 1 section (FINDINGS only), 2-3 bullets |
+| Standard | 1000 tokens | 3 sections max, 3-5 bullets each |
+| Critical | 2000 tokens | All 5 sections, full detail |
+
 ```
-FINDINGS | VERSION CHANGELOG | ANTI-PATTERNS | API SURFACE | INCERTITUDES
+## FINDINGS
+<key facts discovered, with source URLs (WebFetch'd pages, not search result links)>
+
+## VERSION CHANGELOG
+<relevant breaking changes between installed and latest>
+
+## ANTI-PATTERNS
+<domain-specific pitfalls found in research, mapped to skill anti-patterns if applicable>
+
+## API SURFACE
+<verified API signatures, options, parameters — with doc references (page + section)>
+
+## INCERTITUDES
+<claims that could not be verified + reason + what would be needed to verify>
 ```
+
+## Rules
+
+- **Snippets are not sources.** WebFetch before you cite. No WebFetch = mark as UNCERTAIN.
+- **3 angles minimum.** One search query = one perspective. Three queries = triangulation.
+- **No citation = you don't know.** Every factual claim needs a URL to a fetched page.
+- **Version first.** Always verify the installed version before researching.
+- **Anti-patterns are your primary output.** Finding what NOT to do is more valuable than what to do.
+- **Domain skills guide focus.** Don't research everything — research what the skill checklists flag.
+- **Bad search results → reformulate.** Don't settle for poor results. Change keywords, change angle, change domain.
+- **Output budget is a hard cap.** If you can't fit everything, prioritize: anti-patterns > findings > API surface > changelog > incertitudes.

package/assets/.claude/hooks/block-destructive.sh

@@ -2,8 +2,8 @@
 # CIEL SECURITY GATE: block destructive bash commands
 # exit 2 = block, exit 0 = allow
 
-INPUT=$(cat)
-COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // ""')
+INPUT=$(cat 2>/dev/null || echo "{}")
+COMMAND=$(echo "$INPUT" | jq -r '.tool_input.command // ""' 2>/dev/null || echo "")
 
 if echo "$COMMAND" | grep -qiE 'rm\s+(-rf|--recursive|/-f)'; then
   echo "[CIEL SECURITY] Destructive command blocked: rm -rf" >&2

package/assets/.claude/hooks/check-test-first.sh

@@ -5,8 +5,8 @@
 # Remove or disable this hook if you find it intrusive:
 #   jq 'del(.hooks.PreToolUse[0])' .claude/settings.json > tmp && mv tmp .claude/settings.json
 
-INPUT=$(cat)
-FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.filePath // ""')
+INPUT=$(cat 2>/dev/null || echo "{}")
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.filePath // ""' 2>/dev/null || echo "")
 
 [ -z "$FILE_PATH" ] && exit 0
 

package/assets/.claude/hooks/memory-engine.py

@@ -302,27 +302,35 @@ def score_memory(mem, paths, symbols, intents, langs, prompt_lower="") -> int:
 
 
 def mark_stale_inplace(memories: dict, now: datetime) -> int:
-    """Flag stale=True for memories past their stale_after_days threshold.
+    """Flag stale=True for memories past their Ebbinghaus-adjusted threshold.
 
     Returns count newly marked. Active memories that have never been triggered
     decay from captured_at; triggered memories from last_triggered.
 
-    Future-dated anchors (clock skew, manual edit) are clamped to now → those
-    memories are immune to staling, which matches user expectation that a
-    just-captured memory shouldn't decay regardless of timestamp source.
+    Threshold scales with trigger_count using an Ebbinghaus-style forgetting
+    curve: well-triggered memories decay slower (stronger engrams). A memory
+    triggered 15+ times gets ~5x the base threshold (450 days vs 90).
+
+    Future-dated anchors (clock skew, manual edit) are clamped to now, making
+    those memories immune to staling regardless of timestamp source.
     """
     newly_stale = 0
     for mid, m in memories.items():
         if m.get('stale'):
             continue
         anchor = m.get('last_triggered') or m.get('captured_at')
-        threshold = m.get('stale_after_days', 90)
+        base_threshold = m.get('stale_after_days', 90)
         if not anchor:
             continue
         try:
             then = datetime.fromisoformat(anchor.replace('Z', '+00:00'))
             age_days = max(0, (now - then).days)
-            if age_days > threshold:
+            # Ebbinghaus-style strength factor: more triggers = slower decay.
+            # log2(1+count) gives: 0→1x, 1→2x, 3→3x, 7→4x, 15→5x
+            tc = max(0, m.get('trigger_count') or 0)
+            strength = 1.0 + math.log2(1 + tc)
+            effective_threshold = base_threshold * strength
+            if age_days > effective_threshold:
                 m['stale'] = True
                 newly_stale += 1
         except (ValueError, TypeError):
@@ -437,12 +445,28 @@ def cmd_query(args):
         mark_stale_inplace(mems, now)
 
         scored = []
-        for mid, m in mems.items():
-            if m.get('stale'):
-                continue
-            s = score_memory(m, paths, symbols, intents, langs, prompt_lower=prompt_lower)
-            if s > 0:
-                scored.append((s, mid, m))
+        # Language pre-filter: when prompt has language cues (e.g. ".ts" →
+        # "typescript"), skip memories tagged with non-matching languages.
+        # Language-agnostic memories (no language tags) always included.
+        # This is safe because score_memory's hard language gate would return 0
+        # for these memories anyway — we skip the path/symbol/intent scoring.
+        if langs:
+            langs_lower = {l.lower() for l in langs}
+            for mid, m in mems.items():
+                if m.get('stale'):
+                    continue
+                mem_langs = m.get('languages') or []
+                if not mem_langs or any(l.lower() in langs_lower for l in mem_langs):
+                    s = score_memory(m, paths, symbols, intents, langs, prompt_lower=prompt_lower)
+                    if s > 0:
+                        scored.append((s, mid, m))
+        else:
+            for mid, m in mems.items():
+                if m.get('stale'):
+                    continue
+                s = score_memory(m, paths, symbols, intents, langs, prompt_lower=prompt_lower)
+                if s > 0:
+                    scored.append((s, mid, m))
 
         if not scored:
             return idx
@@ -570,6 +594,19 @@ def cmd_rebuild_index(args):
         print(f"No memory directory at {base}", file=sys.stderr)
         sys.exit(1)
 
+    # Preserve trigger counts from existing index. cmd_query updates counts
+    # in the index but does not write back to episode frontmatter; rebuilding
+    # from scratch would lose all accumulated trigger history.
+    old_index = base / 'index.json'
+    old_mems = {}
+    if old_index.exists():
+        try:
+            with open(old_index) as f:
+                old_data = json.load(f)
+            old_mems = old_data.get('memories') or {}
+        except (json.JSONDecodeError, OSError):
+            pass
+
     idx = {
         "version": 2,
         "memories": {},
@@ -581,7 +618,7 @@ def cmd_rebuild_index(args):
 
     parsed = 0
     for mdfile in base.rglob('*.md'):
-        if mdfile.name.lower() in ('readme.md', 'review-queue.md'):
+        if mdfile.name.lower() in ('readme.md', 'review-queue.md', 'insights.md'):
             continue
         try:
             content = mdfile.read_text(encoding='utf-8')
@@ -592,6 +629,15 @@ def cmd_rebuild_index(args):
             mid = fm.get('id')
             if not mid:
                 continue
+            # Merge: keep the higher trigger_count between old index and file frontmatter
+            old = old_mems.get(mid) if old_mems else None
+            if old:
+                old_tc = old.get('trigger_count') or 0
+                file_tc = fm.get('trigger_count') or 0
+                fm['trigger_count'] = max(old_tc, file_tc)
+                old_lt = old.get('last_triggered')
+                if old_lt and not fm.get('last_triggered'):
+                    fm['last_triggered'] = old_lt
             fm['file'] = str(mdfile.relative_to(base))
             idx['memories'][mid] = fm
             for path in fm.get('path_patterns') or []:
@@ -657,11 +703,11 @@ def cmd_capture(args):
         "symbols": symbols,
         "intents": intents,
         "captured_at": iso_now,
-        "captured_from": "runtime",
+        "captured_from": args.captured_from or 'runtime',
         "source": args.source or 'manual capture',
         "trigger_count": 0,
         "last_triggered": None,
-        "stale_after_days": "90",
+        "stale_after_days": 90,
         "stale": False,
     }
 
@@ -940,6 +986,26 @@ def cmd_analyze(args):
     insights_md = base / 'INSIGHTS.md'
     insights_md.write_text('\n'.join(lines), encoding='utf-8')
 
+    # Write review-queue.md when dead anchors exist so the memoire-consolidator
+    # skill has a concrete file to reference. Timestamped so re-runs don't wipe
+    # manual triage notes.
+    if dead_anchors:
+        rq = base / 'review-queue.md'
+        rq_lines = [
+            f"# Dead Anchor Review Queue",
+            f"",
+            f"_Generated {insights['generated_at']} by `memory-engine.py analyze`._",
+            f"",
+            f"Memories whose every `path_patterns` entry resolves to no file on disk.",
+            f"Triage each entry: **promote** (update patterns), **demote** (set stale), or **delete**.",
+            f"",
+        ]
+        for mid in dead_anchors:
+            m = memories[mid]
+            patterns = ", ".join(m.get('path_patterns') or [])
+            rq_lines.append(f"- [ ] `{mid}` — {m.get('title', '?')} (patterns: {patterns})")
+        rq.write_text('\n'.join(rq_lines) + '\n', encoding='utf-8')
+
     print(f"Insights written: {insights_json.relative_to(cwd)}, {insights_md.relative_to(cwd)}")
     print(f"  promotion_candidates: {len(promotion_candidates)}")
     print(f"  dead_anchors: {len(dead_anchors)}")
@@ -979,6 +1045,7 @@ def main():
     cp.add_argument('--symbols', default=None, help='Comma-separated symbol names')
     cp.add_argument('--languages', default=None, help='Comma-separated language tags')
     cp.add_argument('--content', default=None, help='Memory body text (defaults to title)')
+    cp.add_argument('--captured-from', default='runtime', help='Capture source (user-intervention, agent-observed, etc.)')
     cp.add_argument('--type', default='episode', choices=['episode', 'concept', 'guard'], help='Memory type')
     cp.add_argument('--cwd', default=None)
     cp.set_defaults(func=cmd_capture)

package/assets/.claude/hooks/post-tool-write.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Ciel — PostToolUse hook for Write/Edit
+# Trigger: PostToolUse on Write|Edit
+# Purpose: inject relire-critic dispatch instruction after code write
+# Never blocks (exit 0 always)
+
+INPUT=$(cat 2>/dev/null || echo "{}")
+
+FILE_PATH=$(echo "$INPUT" | python3 -c "
+import sys, json
+try:
+    d = json.load(sys.stdin)
+    tip = d.get('tool_input', {})
+    print(tip.get('file_path', tip.get('path', '')))
+except:
+    print('')
+" 2>/dev/null || echo "")
+
+[ -z "$FILE_PATH" ] && exit 0
+
+# Skip non-code files
+if ! echo "$FILE_PATH" | grep -qE '\.(kt|java|ts|tsx|js|jsx|py|go|rs|rb|php|cs|cpp|c|swift|scala|vue|svelte|sql)$'; then
+  exit 0
+fi
+
+# JSON-escape the file path (backslash and double-quote are the dangerous chars)
+ESCAPED_PATH=$(echo "$FILE_PATH" | sed 's/\\/\\\\/g; s/"/\\"/g')
+
+MSG="CIEL RELIRE OBLIGATOIRE — ${ESCAPED_PATH} vient d'etre ecrit. Invoke relire-critic skill now (inline for Trivial, or dispatch critic agent MODE=RELIRE for Standard/Critical with 3+ files). Required: 4 RISQUES (functional + imports + data assumptions + domain skill conformity) + FIX/ACCEPT/DEFER + 8-item checklist. Ne pas continuer avant le verdict."
+
+echo "{\"hookSpecificOutput\": {\"hookEventName\": \"PostToolUse\", \"additionalContext\": \"$MSG\"}}"
+exit 0

package/assets/.claude/hooks/pre-agent-gate.sh

@@ -8,15 +8,14 @@
 # Escape hatch: include [CIEL_GATE_BYPASS] anywhere in the prompt to allow
 #   a non-ciel agent through (e.g. legitimate one-off native dispatch).
 
-set -euo pipefail
+set -uo pipefail
 
-input_json=""
-if [ ! -t 0 ]; then
-    input_json=$(cat)
-fi
+input_json=$(cat 2>/dev/null || echo "{}")
 [ -z "$input_json" ] && exit 0
 
-parsed=$(echo "$input_json" | python3 -c "
+# Parse subagent_type and prompt head — prefer python3, fall back to grep
+if command -v python3 &>/dev/null; then
+  parsed=$(echo "$input_json" | python3 -c "
 import json, sys
 try:
     d = json.load(sys.stdin)
@@ -27,6 +26,12 @@ try:
 except Exception:
     print('\t')
 " 2>/dev/null)
+else
+  # Fallback: grep-based extraction (no python3 available)
+  subagent_type=$(echo "$input_json" | grep -o '"subagent_type"\s*:\s*"[^"]*"' | head -1 | sed 's/.*"subagent_type"\s*:\s*"\([^"]*\)".*/\1/' 2>/dev/null || echo "")
+  prompt_head=$(echo "$input_json" | grep -o '"prompt"\s*:\s*"[^"]*"' | head -1 | cut -c1-200 2>/dev/null || echo "")
+  parsed="${subagent_type}\t${prompt_head}"
+fi
 
 subagent_type="${parsed%%$'\t'*}"
 prompt_head="${parsed#*$'\t'}"

package/assets/.claude/hooks/pre-compact.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+# Ciel — PreCompact hook
+# Trigger: before context compaction
+# Purpose: write .claude/session-progress.md + invoke learnings-capture skill
+# Never blocks (exit 0 always)
+
+INPUT=$(cat 2>/dev/null || echo "{}")
+CWD=$(echo "$INPUT" | python3 -c "import sys, json; print(json.load(sys.stdin).get('cwd', ''))" 2>/dev/null || pwd)
+
+MSG="CIEL PRE-COMPACT — Invoke memoire skill NOW to persist any user corrections + failure modes from this session to .ciel/memory/episodes/. Then write .claude/session-progress.md with: current status, completed tasks, **failed approaches + why they failed**, known limitations, next steps. Failed approaches field is critical — prevents dead-end loops in next session."
+
+# PreCompact has no documented context-injection field. Use top-level
+# systemMessage — valid for every hook, surfaces the reminder to the user.
+python3 -c "
+import json, sys
+print(json.dumps({'systemMessage': sys.argv[1]}))
+" "$MSG"
+exit 0