@nerviq/cli 1.11.0 → 1.12.0

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@nerviq/cli",
-  "version": "1.11.0",
-  "description": "The intelligent nervous system for AI coding agents — 2,438 checks (8 platforms × ~300 governance rules), 10 languages, 62 domain packs. Audit, align, and amplify.",
+  "version": "1.12.0",
+  "description": "The intelligent nervous system for AI coding agents — 2,441 checks (8 platforms × ~300 governance rules), 10 languages, 62 domain packs. Audit, align, and amplify.",
   "main": "src/index.js",
   "bin": {
     "nerviq": "bin/cli.js",

package/src/activity.js

@@ -25,6 +25,8 @@ function getUserId() {
 let _lastTimestamp = '';
 let _counter = 0;
 
+const SNAPSHOT_MILESTONES = ['baseline', 'post-fix', 'pre-upgrade', 'release'];
+
 function timestampId() {
   const ts = new Date().toISOString().replace(/[:.]/g, '-');
   if (ts === _lastTimestamp) {
@@ -133,6 +135,17 @@ function summarizeSnapshot(snapshotKind, payload) {
     };
   }
 
+  if (snapshotKind === 'behavioral-drift') {
+    return {
+      score: payload.score,
+      sourceFiles: payload.repoSummary?.sourceFiles ?? 0,
+      findingCount: Array.isArray(payload.findings) ? payload.findings.length : 0,
+      driftLabels: Array.isArray(payload.driftLabels) ? payload.driftLabels.slice(0, 5) : [],
+      utilityShare: payload.structuralSignals?.utilityBalance?.utilityShare ?? null,
+      layerBreaks: payload.structuralSignals?.layering?.count ?? 0,
+    };
+  }
+
   return {};
 }
 
@@ -167,6 +180,21 @@ function formatSnapshotTags(tags = []) {
   return ` [${normalized.join(', ')}]`;
 }
 
+function normalizeSnapshotMilestone(value) {
+  if (value === null || value === undefined || value === '') return null;
+  const normalized = `${value}`.trim().toLowerCase();
+  if (!SNAPSHOT_MILESTONES.includes(normalized)) {
+    throw new Error(`snapshot milestone must be one of: ${SNAPSHOT_MILESTONES.join(', ')}`);
+  }
+  return normalized;
+}
+
+function formatSnapshotMilestone(value) {
+  const milestone = normalizeSnapshotMilestone(value);
+  if (!milestone) return '';
+  return ` (${milestone})`;
+}
+
 function updateSnapshotIndex(snapshotDir, record) {
   const indexPath = path.join(snapshotDir, 'index.json');
   let entries = [];
@@ -208,6 +236,7 @@ function writeSnapshotArtifact(dir, snapshotKind, payload, meta = {}) {
     ...(Array.isArray(meta.tags) ? meta.tags : (meta.tags ? [meta.tags] : [])),
     ...(meta.tag ? [meta.tag] : []),
   ]);
+  const milestone = normalizeSnapshotMilestone(meta.milestone);
   const { tags: _ignoredTags, tag: _ignoredTag, ...restMeta } = meta;
   const envelope = {
     schemaVersion: 1,
@@ -220,6 +249,7 @@ function writeSnapshotArtifact(dir, snapshotKind, payload, meta = {}) {
     directory: dir,
     summary,
     tags: metaTags,
+    milestone,
     ...restMeta,
     payload,
   };
@@ -232,6 +262,7 @@ function writeSnapshotArtifact(dir, snapshotKind, payload, meta = {}) {
     createdAt: envelope.createdAt,
     relativePath: path.relative(dir, filePath),
     tags: metaTags,
+    milestone,
     summary,
   };
   updateSnapshotIndex(snapshotDir, record);
@@ -406,6 +437,7 @@ function compareLatest(dir) {
       score: current.summary?.score,
       passed: current.summary?.passed,
       tags: current.tags || [],
+      milestone: current.milestone || null,
       scoreType: 'audit-snapshot-score',
     },
     previous: {
@@ -413,6 +445,7 @@ function compareLatest(dir) {
       score: previous.summary?.score,
       passed: previous.summary?.passed,
       tags: previous.tags || [],
+      milestone: previous.milestone || null,
       scoreType: 'audit-snapshot-score',
     },
     delta,
@@ -454,13 +487,13 @@ function formatSnapshotBootstrap(dir, goal = 'history') {
 
   if (snapshotCount === 0) {
     lines.push('  Bootstrap it with:');
-    lines.push('  1. Run `nerviq audit --snapshot --tag "baseline"` to save the baseline.');
+    lines.push('  1. Run `nerviq audit --snapshot --milestone baseline --tag "baseline"` to save the baseline.');
     lines.push('  2. Make a meaningful repo change (`nerviq setup --auto` or `nerviq fix --all-critical --auto`).');
-    lines.push('  3. Run `nerviq audit --snapshot --tag "after-change"` to capture the next state.');
+    lines.push('  3. Run `nerviq audit --snapshot --milestone post-fix --tag "after-change"` to capture the next state.');
   } else {
     lines.push('  Next:');
     lines.push('  1. Make a meaningful repo change (`nerviq setup --auto` or `nerviq fix --all-critical --auto`).');
-    lines.push('  2. Run `nerviq audit --snapshot --tag "after-change"` again.');
+    lines.push('  2. Run `nerviq audit --snapshot --milestone post-fix --tag "after-change"` again.');
   }
 
   if (goal === 'compare') {
@@ -491,7 +524,7 @@ function formatHistory(dir) {
     const score = entry.summary?.score ?? '?';
     const passed = entry.summary?.passed ?? '?';
     const total = entry.summary?.checkCount ?? '?';
-    lines.push(`  ${dateDisplay}  snapshot${formatSnapshotTags(entry.tags)} ${score}/100  (${passed}/${total} checks passing)`);
+    lines.push(`  ${dateDisplay}  snapshot${formatSnapshotMilestone(entry.milestone)}${formatSnapshotTags(entry.tags)} ${score}/100  (${passed}/${total} checks passing)`);
   }
 
   const comparison = compareLatest(dir);
@@ -502,6 +535,9 @@ function formatHistory(dir) {
     if ((comparison.previous.tags || []).length > 0 || (comparison.current.tags || []).length > 0) {
       lines.push(`  Snapshot tags: previous${formatSnapshotTags(comparison.previous.tags)} -> current${formatSnapshotTags(comparison.current.tags)}`);
     }
+    if (comparison.previous.milestone || comparison.current.milestone) {
+      lines.push(`  Lifecycle: previous${formatSnapshotMilestone(comparison.previous.milestone)} -> current${formatSnapshotMilestone(comparison.current.milestone)}`);
+    }
     if (comparison.improvements.length > 0) {
       lines.push(`  Fixed: ${comparison.improvements.join(', ')}`);
     }
@@ -532,22 +568,23 @@ function exportTrendReport(dir) {
     '',
     '## Audit Snapshot History',
     '',
-    '| Date | Tags | Score | Passed | Checks |',
-    '|------|------|-------|--------|--------|',
+    '| Date | Milestone | Tags | Score | Passed | Checks |',
+    '|------|-----------|------|-------|--------|--------|',
   ];
 
   for (const entry of history) {
     const date = entry.createdAt?.split('T')[0] || '?';
+    const milestone = entry.milestone || '-';
     const tags = (entry.tags || []).length > 0 ? entry.tags.join(', ') : '-';
-    lines.push(`| ${date} | ${tags} | ${entry.summary?.score ?? '?'}/100 | ${entry.summary?.passed ?? '?'} | ${entry.summary?.checkCount ?? '?'} |`);
+    lines.push(`| ${date} | ${milestone} | ${tags} | ${entry.summary?.score ?? '?'}/100 | ${entry.summary?.passed ?? '?'} | ${entry.summary?.checkCount ?? '?'} |`);
   }
 
   if (comparison) {
     lines.push('');
     lines.push('## Latest Comparison');
     lines.push('');
-    lines.push(`- **Previous snapshot score:** ${comparison.previous.score}/100 (${comparison.previous.date?.split('T')[0]})${formatSnapshotTags(comparison.previous.tags)}`);
-    lines.push(`- **Current snapshot score:** ${comparison.current.score}/100 (${comparison.current.date?.split('T')[0]})${formatSnapshotTags(comparison.current.tags)}`);
+    lines.push(`- **Previous snapshot score:** ${comparison.previous.score}/100 (${comparison.previous.date?.split('T')[0]})${formatSnapshotMilestone(comparison.previous.milestone)}${formatSnapshotTags(comparison.previous.tags)}`);
+    lines.push(`- **Current snapshot score:** ${comparison.current.score}/100 (${comparison.current.date?.split('T')[0]})${formatSnapshotMilestone(comparison.current.milestone)}${formatSnapshotTags(comparison.current.tags)}`);
     lines.push(`- **Snapshot delta:** ${comparison.delta.score >= 0 ? '+' : ''}${comparison.delta.score} points`);
     lines.push(`- **Trend:** ${comparison.trend}`);
     if (comparison.improvements.length > 0) lines.push(`- **Fixed:** ${comparison.improvements.join(', ')}`);
@@ -981,6 +1018,9 @@ module.exports = {
   writeSnapshotArtifact,
   normalizeSnapshotTags,
   formatSnapshotTags,
+  normalizeSnapshotMilestone,
+  formatSnapshotMilestone,
+  SNAPSHOT_MILESTONES,
   readSnapshotIndex,
   getHistory,
   compareLatest,

package/src/adoption-advisor.js

@@ -0,0 +1,299 @@
+'use strict';
+
+const { getMcpPackPreflight } = require('./mcp-packs');
+
+const DECISION_ORDER = { adopt: 0, defer: 1, ignore: 2 };
+
+function unique(values) {
+  return [...new Set((values || []).filter(Boolean))];
+}
+
+function makeItem(item) {
+  return {
+    decision: item.decision,
+    kind: item.kind,
+    key: item.key,
+    label: item.label,
+    why: item.why,
+    evidence: unique(item.evidence),
+    prerequisites: unique(item.prerequisites),
+    expectedBenefit: item.expectedBenefit,
+    rollbackSafety: item.rollbackSafety,
+  };
+}
+
+function summarize(items = []) {
+  const counts = items.reduce((acc, item) => {
+    acc[item.decision] = (acc[item.decision] || 0) + 1;
+    return acc;
+  }, { adopt: 0, defer: 0, ignore: 0 });
+
+  return {
+    adopt: counts.adopt || 0,
+    defer: counts.defer || 0,
+    ignore: counts.ignore || 0,
+    label: `${counts.adopt || 0} adopt now / ${counts.defer || 0} defer / ${counts.ignore || 0} ignore`,
+  };
+}
+
+function inferMcpPackPrerequisites(pack, preflightEntry) {
+  const prerequisites = [];
+  if (preflightEntry && Array.isArray(preflightEntry.missingEnvVars) && preflightEntry.missingEnvVars.length > 0) {
+    prerequisites.push(`Provide required env vars: ${preflightEntry.missingEnvVars.join(', ')}`);
+  }
+
+  if (/Pass connection string as CLI argument/i.test(pack.adoption || '')) {
+    prerequisites.push('Provide a live connection string or DATABASE_URL before enabling this MCP pack.');
+  }
+
+  if (/Docker running locally/i.test(pack.adoption || '')) {
+    prerequisites.push('Docker must be running locally before this MCP pack is useful.');
+  }
+
+  if (/OAuth/i.test(pack.adoption || '')) {
+    prerequisites.push('Complete the OAuth or external auth setup before enabling this MCP pack in shared flows.');
+  }
+
+  if (/community-maintained/i.test(pack.adoption || '')) {
+    prerequisites.push('Review the package trust/update posture before enabling it in a wider team baseline.');
+  }
+
+  return unique(prerequisites);
+}
+
+function buildIgnoreItems(repoArchetype, operatingProfile, recommendedDomainPacks = []) {
+  const items = [];
+  const domainKeys = new Set((recommendedDomainPacks || []).map((pack) => pack.key));
+
+  if (operatingProfile.platformSupport.strategy === 'single-platform-baseline') {
+    items.push(makeItem({
+      decision: 'ignore',
+      kind: 'platform-expansion',
+      key: 'broad-platform-expansion',
+      label: 'Broad multi-platform expansion',
+      why: 'This repo should stabilize one governed primary platform before adding more AI surfaces.',
+      evidence: [
+        `Platform strategy: ${operatingProfile.platformSupport.strategy}`,
+        `Archetype: ${repoArchetype.label}`,
+      ],
+      prerequisites: [],
+      expectedBenefit: 'Prevents governance drift caused by widening the tool surface too early.',
+      rollbackSafety: 'Nothing is applied here; this is an intentional skip until the baseline matures.',
+    }));
+  }
+
+  if (repoArchetype.topology.key !== 'monorepo') {
+    items.push(makeItem({
+      decision: 'ignore',
+      kind: 'ci-shape',
+      key: 'workspace-pr-gate',
+      label: 'Workspace-aware PR gate',
+      why: 'Workspace-specific CI complexity does not match a non-monorepo repo shape.',
+      evidence: [
+        `Topology: ${repoArchetype.topology.label}`,
+        'No monorepo-specific governance surface is required.',
+      ],
+      prerequisites: [],
+      expectedBenefit: 'Keeps the operating model lean and aligned to the real repo topology.',
+      rollbackSafety: 'This is a deliberate skip; no cleanup is required.',
+    }));
+  }
+
+  if (repoArchetype.riskProfile.key !== 'regulated' && !domainKeys.has('regulated-lite') && !domainKeys.has('security-focused')) {
+    items.push(makeItem({
+      decision: 'ignore',
+      kind: 'governance-pack',
+      key: 'regulated-lite',
+      label: 'Regulated-lite governance overhead',
+      why: 'The repo does not show regulated or security-heavy signals strong enough to justify this heavier rollout pack.',
+      evidence: [
+        `Risk posture: ${repoArchetype.riskProfile.label}`,
+      ],
+      prerequisites: [],
+      expectedBenefit: 'Preserves a lighter rollout model and avoids over-governing normal product repos.',
+      rollbackSafety: 'This is a no-op skip; the repo can adopt a heavier pack later if evidence changes.',
+    }));
+  }
+
+  if (repoArchetype.stackFamily.key !== 'mobile' && !domainKeys.has('mobile')) {
+    items.push(makeItem({
+      decision: 'ignore',
+      kind: 'verification',
+      key: 'mobile-release-loop',
+      label: 'Mobile release workflow extras',
+      why: 'Mobile-only analyze/build workflow overhead should not be forced onto a non-mobile repo.',
+      evidence: [
+        `Stack family: ${repoArchetype.stackFamily.label}`,
+      ],
+      prerequisites: [],
+      expectedBenefit: 'Avoids irrelevant workflow ceremony and keeps verification recommendations credible.',
+      rollbackSafety: 'No rollback is needed because the capability is being intentionally skipped.',
+    }));
+  }
+
+  return items.slice(0, 3);
+}
+
+function buildAdoptionAdvisor(options) {
+  const {
+    platform,
+    repoArchetype,
+    recommendedOperatingProfile,
+    recommendedDomainPacks = [],
+    recommendedMcpPacks = [],
+    env = {},
+  } = options || {};
+
+  const items = [];
+  const mcpPreflightByKey = new Map(
+    getMcpPackPreflight((recommendedMcpPacks || []).map((pack) => pack.key), env).map((entry) => [entry.key, entry])
+  );
+
+  items.push(makeItem({
+    decision: 'adopt',
+    kind: 'platform-strategy',
+    key: recommendedOperatingProfile.platformSupport.strategy,
+    label: `Platform strategy: ${recommendedOperatingProfile.platformSupport.strategy}`,
+    why: recommendedOperatingProfile.platformSupport.why,
+    evidence: recommendedOperatingProfile.platformSupport.evidence,
+    prerequisites: recommendedOperatingProfile.platformSupport.prerequisites,
+    expectedBenefit: recommendedOperatingProfile.platformSupport.expectedBenefit,
+    rollbackSafety: recommendedOperatingProfile.platformSupport.rollbackSafety,
+  }));
+
+  if (recommendedOperatingProfile.platformSupport.optionalExpansion) {
+    items.push(makeItem({
+      decision: 'defer',
+      kind: 'platform-expansion',
+      key: `secondary-${recommendedOperatingProfile.platformSupport.optionalExpansion}`,
+      label: `Add ${recommendedOperatingProfile.platformSupport.optionalExpansion} as a secondary review surface`,
+      why: 'A secondary platform could help later, but the repo should stabilize its primary governed posture first.',
+      evidence: recommendedOperatingProfile.platformSupport.evidence,
+      prerequisites: [
+        'Capture tagged baseline and post-fix snapshots first.',
+        'Keep Harmony stable across the currently active platform surface.',
+      ],
+      expectedBenefit: 'Adds a complementary advisory surface only after the core posture is already reliable.',
+      rollbackSafety: 'Secondary platform expansion is optional and can be removed without changing the app codebase.',
+    }));
+  }
+
+  items.push(makeItem({
+    decision: 'adopt',
+    kind: 'permission-profile',
+    key: recommendedOperatingProfile.permissionProfile.key,
+    label: `Permission profile: ${recommendedOperatingProfile.permissionProfile.label}`,
+    why: recommendedOperatingProfile.permissionProfile.why,
+    evidence: recommendedOperatingProfile.permissionProfile.evidence,
+    prerequisites: recommendedOperatingProfile.permissionProfile.prerequisites,
+    expectedBenefit: recommendedOperatingProfile.permissionProfile.expectedBenefit,
+    rollbackSafety: recommendedOperatingProfile.permissionProfile.rollbackSafety,
+  }));
+
+  items.push(makeItem({
+    decision: 'adopt',
+    kind: 'governance-pack',
+    key: recommendedOperatingProfile.governancePack.key,
+    label: `Governance pack: ${recommendedOperatingProfile.governancePack.label}`,
+    why: recommendedOperatingProfile.governancePack.why,
+    evidence: recommendedOperatingProfile.governancePack.evidence,
+    prerequisites: recommendedOperatingProfile.governancePack.prerequisites,
+    expectedBenefit: recommendedOperatingProfile.governancePack.expectedBenefit,
+    rollbackSafety: recommendedOperatingProfile.governancePack.rollbackSafety,
+  }));
+
+  items.push(makeItem({
+    decision: 'adopt',
+    kind: 'hook-set',
+    key: 'starter-hooks',
+    label: `Starter hook set: ${recommendedOperatingProfile.hooks.map((hook) => hook.key).join(', ')}`,
+    why: 'These hooks are the lowest-friction set that matches the repo trust boundary, logging needs, and review posture.',
+    evidence: unique(recommendedOperatingProfile.hooks.flatMap((hook) => hook.evidence || []).slice(0, 5)),
+    prerequisites: unique(recommendedOperatingProfile.hooks.flatMap((hook) => hook.prerequisites || [])),
+    expectedBenefit: 'Adds secret protection, trust-boundary checks, and durable change evidence without widening the product surface.',
+    rollbackSafety: 'Each hook can be removed independently from repo settings if it proves noisy.',
+  }));
+
+  items.push(makeItem({
+    decision: 'adopt',
+    kind: 'verification-loop',
+    key: recommendedOperatingProfile.verification.key,
+    label: `Verification loop: ${recommendedOperatingProfile.verification.label}`,
+    why: recommendedOperatingProfile.verification.why,
+    evidence: recommendedOperatingProfile.verification.evidence,
+    prerequisites: recommendedOperatingProfile.verification.prerequisites,
+    expectedBenefit: recommendedOperatingProfile.verification.expectedBenefit,
+    rollbackSafety: recommendedOperatingProfile.verification.rollbackSafety,
+  }));
+
+  items.push(makeItem({
+    decision: 'adopt',
+    kind: 'ci-shape',
+    key: recommendedOperatingProfile.ciShape.key,
+    label: `CI shape: ${recommendedOperatingProfile.ciShape.label}`,
+    why: recommendedOperatingProfile.ciShape.why,
+    evidence: recommendedOperatingProfile.ciShape.evidence,
+    prerequisites: recommendedOperatingProfile.ciShape.prerequisites,
+    expectedBenefit: recommendedOperatingProfile.ciShape.expectedBenefit,
+    rollbackSafety: recommendedOperatingProfile.ciShape.rollbackSafety,
+  }));
+
+  for (const pack of recommendedDomainPacks) {
+    items.push(makeItem({
+      decision: 'adopt',
+      kind: 'domain-pack',
+      key: pack.key,
+      label: `Domain pack: ${pack.label}`,
+      why: pack.useWhen,
+      evidence: unique([...(pack.matchReasons || []), `Archetype: ${repoArchetype.label}`]).slice(0, 5),
+      prerequisites: [
+        `Review the pack modules before applying them: ${(pack.recommendedModules || []).slice(0, 4).join(', ') || 'no starter modules listed'}`,
+      ],
+      expectedBenefit: (pack.benchmarkFocus || []).length > 0
+        ? `Improves Nerviq's relevance around ${pack.benchmarkFocus.slice(0, 3).join(', ')}.`
+        : 'Makes Nerviq recommendations more domain-aware for this repo.',
+      rollbackSafety: 'Domain packs are additive guidance. You can remove a pack from the recommended stack without rewriting the repo.',
+    }));
+  }
+
+  if (platform === 'claude') {
+    for (const pack of recommendedMcpPacks) {
+      const preflight = mcpPreflightByKey.get(pack.key);
+      const prerequisites = inferMcpPackPrerequisites(pack, preflight);
+      const decision = prerequisites.length > 0 ? 'defer' : 'adopt';
+      items.push(makeItem({
+        decision,
+        kind: 'mcp-pack',
+        key: pack.key,
+        label: `MCP pack: ${pack.label}`,
+        why: pack.useWhen,
+        evidence: unique([pack.adoption, `Repo archetype: ${repoArchetype.label}`]).slice(0, 4),
+        prerequisites,
+        expectedBenefit: pack.adoption,
+        rollbackSafety: 'MCP packs are optional integrations; they can be added or removed from settings without changing application source code.',
+      }));
+    }
+  }
+
+  items.push(...buildIgnoreItems(repoArchetype, recommendedOperatingProfile, recommendedDomainPacks));
+
+  const sorted = items
+    .sort((a, b) => {
+      const decisionDiff = (DECISION_ORDER[a.decision] || 99) - (DECISION_ORDER[b.decision] || 99);
+      if (decisionDiff !== 0) return decisionDiff;
+      return a.label.localeCompare(b.label);
+    })
+    .map((item, index) => ({
+      priority: index + 1,
+      ...item,
+    }));
+
+  return {
+    summary: summarize(sorted),
+    items: sorted,
+  };
+}
+
+module.exports = {
+  buildAdoptionAdvisor,
+};

package/src/aider/techniques.js

@@ -19,10 +19,11 @@
  * Check ID prefix: AD-
  */
 
-const { containsEmbeddedSecret } = require('../secret-patterns');
-const { attachSourceUrls } = require('../source-urls');
-const { buildStackChecks } = require('../stack-checks');
-const { isApiProject, isDatabaseProject, isAuthProject, isMonitoringRelevant } = require('../supplemental-checks');
+const { containsEmbeddedSecret } = require('../secret-patterns');
+const { attachSourceUrls } = require('../source-urls');
+const { buildStackChecks } = require('../stack-checks');
+const { isApiProject, isDatabaseProject, isAuthProject, isMonitoringRelevant } = require('../supplemental-checks');
+const { hasCostBudgetOrUsageTracking } = require('../cost-tracking');
 
 const FILLER_PATTERNS = [
   /\bbe helpful\b/i,
@@ -1724,13 +1725,17 @@ const AIDER_TECHNIQUES = {
     fix: 'Set `cache-prompts: true` in .aider.conf.yml to reduce API costs.',
     template: 'aider-conf-yml', file: () => '.aider.conf.yml', line: () => null,
   },
-  aiderCostBudgetDefined: {
-    id: 'AD-T48', name: 'AI cost budget or usage limits documented',
-    check: (ctx) => { const docs = conventionContent(ctx) + (ctx.fileContent('README.md') || ''); if (!docs.trim()) return null; return /cost.{0,15}budget|spending.{0,15}limit|usage.{0,15}limit/i.test(docs); },
-    impact: 'low', rating: 2, category: 'cost-optimization',
-    fix: 'Document AI cost budget in README.md.',
-    template: null, file: () => 'README.md', line: () => null,
-  },
+  aiderCostBudgetDefined: {
+    id: 'AD-T48', name: 'AI cost budget or per-run usage tracking documented',
+    check: (ctx) => {
+      const docs = conventionContent(ctx) + (ctx.fileContent('README.md') || '');
+      if (!docs.trim() && !hasCostBudgetOrUsageTracking('', ctx)) return null;
+      return hasCostBudgetOrUsageTracking(docs, ctx);
+    },
+    impact: 'low', rating: 2, category: 'cost-optimization',
+    fix: 'Document AI cost guardrails or per-run usage tracking so Aider usage is visible run by run.',
+    template: null, file: () => 'README.md', line: () => null,
+  },
 
   // ============================================================
   // === PYTHON STACK CHECKS (category: 'python') ===============