@nerviq/cli 1.29.1 → 1.30.0

package/sdk/examples/self-governing-agent.js

@@ -0,0 +1,135 @@
+#!/usr/bin/env node
+/**
+ * Reference: self-governing AI coding agent loop using @nerviq/cli/sdk.
+ *
+ * This file is the AI-07 reference example for the docs/for-agents page on
+ * nerviq.net. It implements the "Self-governing agent pattern" documented
+ * there: an agent that audits the repo before acting, runs targeted fixes,
+ * makes the actual code change, re-audits to detect regression, and records
+ * outcomes back into the local learning loop.
+ *
+ * Usage (after `npm install @nerviq/cli`):
+ *   node node_modules/@nerviq/cli/sdk/examples/self-governing-agent.js [repo-dir]
+ *
+ * Default repo-dir is process.cwd().
+ *
+ * NOT autonomous in the dangerous sense:
+ *   - This loop NEVER calls --apply --auto silently. Mutations of governance
+ *     posture (deny rules, MCP permissions, hooks) require explicit user
+ *     consent. The example surfaces a plan and waits for the next human
+ *     decision; that's by design and matches the docs/for-agents constraint.
+ */
+
+'use strict';
+
+// Resolve the SDK from npm install OR from the in-repo path (for running this
+// example directly from a checkout of nerviq/nerviq).
+function loadSdk() {
+  try {
+    return require('@nerviq/cli/sdk');
+  } catch {
+    return require('../index.js');
+  }
+}
+const { audit, harmonyAudit, detectPlatforms } = loadSdk();
+const path = require('path');
+
+async function selfGoverningLoop(repoDir, opts = {}) {
+  const dir = path.resolve(repoDir);
+  const log = opts.log || console.log;
+  const HARMONY_DRIFT_THRESHOLD = 60;
+
+  // ── Step 1. Pre-task audit ──────────────────────────────────────────────
+  log('[1/5] pre-task audit…');
+  const platforms = detectPlatforms(dir);
+  log(`      platforms: ${platforms.join(', ') || '(none detected — single-platform repo)'}`);
+
+  const pre = await audit(dir, opts.platform || (platforms[0] || 'claude'));
+  log(`      score: ${pre.score}/100  organic: ${pre.organicScore}/100  failed: ${pre.failed}`);
+
+  // The headline value: stale references. Surface BEFORE doing anything.
+  if (pre.staleReferences && pre.staleReferences.count > 0) {
+    log(`      📌 ${pre.staleReferences.headline}`);
+    for (const sample of pre.staleReferences.topSample) {
+      log(`         · ${sample.file}:${sample.line} — ${sample.fix.split('\n')[0].slice(0, 100)}`);
+    }
+    log('      ↳ recommend: surface to user, ask whether to proceed despite stale refs');
+  }
+
+  // ── Step 2. Cross-platform Harmony check (only if multi-platform) ──────
+  if (platforms.length >= 2) {
+    log('[2/5] harmony check (cross-platform drift)…');
+    const harmony = await harmonyAudit(dir);
+    log(`      harmonyScore: ${harmony.harmonyScore}/100`);
+
+    if (harmony.harmonyScore < HARMONY_DRIFT_THRESHOLD) {
+      log(`      ⚠️  harmony below ${HARMONY_DRIFT_THRESHOLD} — drift between platforms is forming`);
+      log('      ↳ recommend: surface drifts to user, decide whether to harmony-sync before proceeding');
+      // NOTE: a real agent would surface harmony.drift list here and wait for
+      // user approval before running `nerviq harmony-sync --fix`. We do NOT
+      // call it silently from the agent loop.
+    }
+  } else {
+    log('[2/5] harmony check skipped (single-platform repo)');
+  }
+
+  // ── Step 3. Make the actual code change ─────────────────────────────────
+  log('[3/5] doing the actual task… (placeholder — replace with the real agent action)');
+  // In a real agent: execute the user's task. Edit files, run tests, etc.
+  // For this example, simulate a small change so step 4's diff-only audit has
+  // something to compare against.
+  if (typeof opts.doWork === 'function') {
+    await opts.doWork({ dir, preAuditScore: pre.score });
+  } else {
+    log('      (no doWork callback provided — skipping)');
+  }
+
+  // ── Step 4. Post-task diff-only re-audit ────────────────────────────────
+  log('[4/5] post-task diff-only audit…');
+  const post = await audit(dir, opts.platform || (platforms[0] || 'claude'));
+  const delta = post.score - pre.score;
+  const arrow = delta > 0 ? `+${delta}` : delta < 0 ? `${delta}` : '0';
+  log(`      score: ${post.score}/100  Δ ${arrow}  failed: ${post.failed}`);
+
+  if (delta < -3) {
+    log('      🔴 score dropped materially — recommend: rollback or human review');
+  } else if (delta > 0) {
+    log('      ✓ score improved');
+  }
+
+  // ── Step 5. Record outcome (learning loop) ─────────────────────────────
+  log('[5/5] outcome recording — call `nerviq feedback --key <K> --status accepted|rejected|deferred --score-delta <delta>`');
+  log('       (the agent should invoke this once per recommendation it acted on, so suggest-rules can learn the team\'s actual preferences)');
+
+  return {
+    pre,
+    post,
+    delta,
+    platforms,
+    recommendation:
+      delta < -3
+        ? 'rollback-or-review'
+        : pre.staleReferences && pre.staleReferences.count > 0
+          ? 'surface-stale-references-to-user'
+          : delta > 0
+            ? 'continue'
+            : 'no-change',
+  };
+}
+
+if (require.main === module) {
+  const dir = process.argv[2] || process.cwd();
+  selfGoverningLoop(dir, { log: console.log })
+    .then((result) => {
+      console.log('\n=== Loop complete ===');
+      console.log(`Recommendation: ${result.recommendation}`);
+      console.log(`Pre/post score: ${result.pre.score} → ${result.post.score} (Δ ${result.delta})`);
+      process.exitCode = result.recommendation === 'rollback-or-review' ? 1 : 0;
+    })
+    .catch((err) => {
+      console.error(`error: ${err.message}`);
+      process.exitCode = 1;
+    });
+}
+
+module.exports = { selfGoverningLoop };

package/sdk/index.d.ts

@@ -0,0 +1,115 @@
+export type NerviqPlatform =
+  | 'claude'
+  | 'codex'
+  | 'gemini'
+  | 'copilot'
+  | 'cursor'
+  | 'windsurf'
+  | 'aider'
+  | 'opencode';
+
+export interface AuditFinding {
+  key: string;
+  id?: string | null;
+  name: string;
+  category?: string | null;
+  impact?: 'critical' | 'high' | 'medium' | 'low' | null;
+  fix?: string | null;
+  passed: boolean | null;
+  file?: string | null;
+  line?: number | null;
+  sourceUrl?: string | null;
+  confidence?: number | string | null;
+}
+
+export interface AuditAction {
+  key: string;
+  id?: string | null;
+  name: string;
+  impact?: 'critical' | 'high' | 'medium' | 'low' | null;
+  category?: string | null;
+  fix?: string | null;
+  why?: string | null;
+  sourceUrl?: string | null;
+}
+
+export interface AuditResult {
+  platform: string;
+  platformLabel: string;
+  score: number;
+  passed: number;
+  failed: number;
+  skipped: number;
+  checkCount: number;
+  results: AuditFinding[];
+  quickWins: AuditAction[];
+  topNextActions: AuditAction[];
+  suggestedNextCommand?: string;
+  /** Convenience alias for `passed` */
+  passing: number;
+  /** Convenience alias for `passed + failed` */
+  total: number;
+}
+
+export interface HarmonyResult {
+  harmonyScore: number;
+  platformScores: Record<string, number | null>;
+  platformResults: Record<string, AuditResult | null>;
+  drift: {
+    drifts: Array<Record<string, unknown>>;
+    harmonyScore: number;
+  };
+  recommendations: Array<Record<string, unknown>>;
+  activePlatforms: Array<Record<string, unknown>>;
+  model: Record<string, unknown>;
+  /** Convenience alias for `harmonyScore` */
+  average: number;
+}
+
+export interface Check {
+  platform: string;
+  id: string | null;
+  key: string;
+  name: string | null;
+  category: string | null;
+  impact: string | null;
+  rating: string | null;
+  fix: string | null;
+  sourceUrl: string | null;
+  confidence: number | null;
+  lastVerified?: string | null;
+  template?: string | null;
+  deprecated?: boolean;
+}
+
+export interface RoutingChoice {
+  platform: string;
+  confidence: number;
+  reasoning: string;
+}
+
+export interface RoutingResult {
+  recommended: RoutingChoice | null;
+  alternatives: RoutingChoice[];
+  taskType: string;
+}
+
+export interface SynergyResult {
+  dir: string;
+  activePlatforms: string[];
+  platformAudits: Record<string, AuditResult>;
+  compound: Record<string, unknown>;
+  amplification: number;
+  compensation: Record<string, unknown>;
+  patterns: Array<Record<string, unknown>>;
+  recommendations: Array<Record<string, unknown>>;
+  errors: Array<{ platform: string; message: string }>;
+  report: string;
+}
+
+export declare function audit(dir: string, platform?: NerviqPlatform): Promise<AuditResult>;
+export declare function harmonyAudit(dir: string): Promise<HarmonyResult>;
+export declare function synergyReport(dir: string): Promise<SynergyResult>;
+export declare function detectPlatforms(dir: string): string[];
+export declare function getCatalog(): Check[];
+export declare function routeTask(description: string, platforms?: string[]): RoutingResult;

package/sdk/index.js

@@ -0,0 +1,94 @@
+const path = require('path');
+const fs = require('fs');
+
+const VALID_PLATFORMS = ['claude', 'codex', 'cursor', 'copilot', 'gemini', 'windsurf', 'aider', 'opencode'];
+
+function loadCore() {
+  try {
+    return require('@nerviq/cli');
+  } catch {
+    return require('..');
+  }
+}
+
+function validateDir(dir) {
+  if (!dir || typeof dir !== 'string') {
+    throw new Error('dir is required and must be a string. Pass a valid directory path.');
+  }
+  const resolved = path.resolve(dir);
+  if (!fs.existsSync(resolved)) {
+    throw new Error(`Directory not found: ${resolved}. Pass an existing directory path.`);
+  }
+  return resolved;
+}
+
+function validatePlatform(platform) {
+  if (platform && !VALID_PLATFORMS.includes(platform)) {
+    throw new Error(`Unsupported platform '${platform}'. Use one of: ${VALID_PLATFORMS.join(', ')}`);
+  }
+}
+
+async function audit(dir, platform = 'claude') {
+  const resolved = validateDir(dir);
+  validatePlatform(platform);
+  const core = loadCore();
+  const result = await core.audit({
+    dir: resolved,
+    platform,
+    silent: true,
+  });
+  // Add convenience aliases for SDK consumers
+  if (result) {
+    result.passing = result.passed;
+    result.total = (result.passed || 0) + (result.failed || 0);
+  }
+  return result;
+}
+
+async function harmonyAudit(dir) {
+  const resolved = validateDir(dir);
+  const core = loadCore();
+  const result = await core.harmonyAudit({
+    dir: resolved,
+    silent: true,
+  });
+  // Add convenience alias for SDK consumers
+  if (result) {
+    result.average = result.harmonyScore;
+  }
+  return result;
+}
+
+async function synergyReport(dir) {
+  const resolved = validateDir(dir);
+  const core = loadCore();
+  return core.synergyReport(resolved);
+}
+
+function detectPlatforms(dir) {
+  const resolved = validateDir(dir);
+  const core = loadCore();
+  return core.detectPlatforms(resolved);
+}
+
+function getCatalog() {
+  const core = loadCore();
+  return core.getCatalog();
+}
+
+function routeTask(description, platforms) {
+  if (!description || typeof description !== 'string') {
+    throw new Error('description is required and must be a non-empty string.');
+  }
+  const core = loadCore();
+  return core.routeTask(description, platforms || []);
+}
+
+module.exports = {
+  audit,
+  harmonyAudit,
+  synergyReport,
+  detectPlatforms,
+  getCatalog,
+  routeTask,
+};

package/sdk/package.json

@@ -0,0 +1,11 @@
+{
+  "name": "@nerviq/sdk",
+  "version": "0.9.5",
+  "main": "index.js",
+  "types": "index.d.ts",
+  "description": "Programmatic SDK for Nerviq — audit, harmony, synergy for AI coding agents",
+  "license": "AGPL-3.0",
+  "dependencies": {
+    "@nerviq/cli": "^0.9.5"
+  }
+}

package/src/activity.js

@@ -683,6 +683,19 @@ function recordRecommendationOutcome(dir, payload) {
     relativePath: path.relative(dir, filePath),
   });
 
+  // BUG-07 fix: also bump the usage-patterns counter so suggest-rules
+  // sees the recorded outcome. Previously feedback wrote to outcomes/
+  // and suggest-rules read from feedback/patterns.json — two stores
+  // that never cross-fed. The map: accepted→accepted, rejected→rejected,
+  // deferred→skipped (matching usage-patterns vocabulary).
+  try {
+    const { recordPattern } = require('./usage-patterns');
+    const patternAction = status === 'deferred' ? 'skipped' : status;
+    recordPattern(dir, key, patternAction);
+  } catch {
+    // Non-fatal — outcomes file already written; pattern bump is additive.
+  }
+
   return {
     id,
     filePath,

package/src/audit.js

@@ -63,8 +63,14 @@ const COLORS = {
   magenta: '\x1b[35m',
 };
 
+// MEMO-16: route every CLI string through safe-glyph before colorize so
+// Windows consoles without UTF-8 codepage 65001 get ASCII-safe fallbacks
+// (`[OK]`, `[X]`, `[!]`, etc.) instead of mojibake. No-op on UTF-8 capable
+// terminals (modern macOS / Linux / Windows Terminal / VS Code / WSL).
+const { safeText } = require('./safe-glyph');
+
 function colorize(text, color) {
-  return `${COLORS[color] || ''}${text}${COLORS.reset}`;
+  return `${COLORS[color] || ''}${safeText(text)}${COLORS.reset}`;
 }
 
 function progressBar(score, max = 100, width = 20) {
@@ -371,6 +377,27 @@ function printLiteAudit(result, dir) {
     console.log('');
   }
 
+  // PROD-03: stale-reference headline. When the new BUG-04 patterns fire,
+  // surface them BEFORE "Top 3 things to fix" because:
+  //   1. They are deterministic (file X says Y, package.json says Z) and
+  //      a buyer can verify them in 30 seconds.
+  //   2. cursor-doctor + AgentLinter market signals show this is the
+  //      highest-leverage user-visible value in this category.
+  //   3. The user-lab found these get buried among 70+ failed checks.
+  if (result.staleReferences && result.staleReferences.count > 0) {
+    console.log(colorize(`  📌 Stale references in agent docs: ${result.staleReferences.count}`, 'yellow'));
+    for (const sample of result.staleReferences.topSample) {
+      const labelTag = sample.key.replace('agent-config-', '').replace(/-/g, ' ');
+      console.log(colorize(`     [${labelTag}] ${sample.file || '(unknown)'}:${sample.line || '?'}`, 'dim'));
+      console.log(colorize(`     → ${sample.fix}`, 'dim'));
+    }
+    if (result.staleReferences.count > result.staleReferences.topSample.length) {
+      const remaining = result.staleReferences.count - result.staleReferences.topSample.length;
+      console.log(colorize(`     ... and ${remaining} more (run with --shallow-risk to see all)`, 'dim'));
+    }
+    console.log('');
+  }
+
   console.log(colorize('  Top 3 things to fix right now:', 'magenta'));
   console.log('');
   let usagePatterns;
@@ -451,24 +478,43 @@ async function audit(options) {
   ]);
   const includeGenericQuality = options.verbose;
 
-  // Run all technique checks
+  // Run all technique checks.
+  //
+  // AI-12a optimization (2026-04-29): partition techniques into applicable
+  // vs not-applicable BEFORE the hot loop. Previously the loop iterated all
+  // ~2,441 techniques and skipped ~85% via the in-loop guard, which still
+  // paid the Object.entries iteration + spread + push cost per skipped
+  // technique. After partition the hot loop only runs `check(ctx)` on
+  // genuinely applicable techniques; not-applicable ones are batched into
+  // a single fast push at the end. Target: ≥40% cut on first-run audit
+  // for repos > 200 files. See ai-12-governance-budget-tracking memo for
+  // the budget context.
   if (!shallowRiskOnly) {
-    for (const [key, technique] of Object.entries(techniques)) {
-      // Skip entire stack category if the stack is not detected at a core location
-      // Skip generic quality categories unless --verbose is set
-      const cat = technique.category;
+    const techniqueEntries = Object.entries(techniques);
+    const applicable = [];
+    const notApplicable = [];
+    for (const entry of techniqueEntries) {
+      const cat = entry[1].category;
       if ((!includeGenericQuality && GENERIC_QUALITY_CATEGORIES.has(cat)) ||
           (STACK_CATEGORY_DETECTORS[cat] && !activeStackCategories.has(cat))) {
-        results.push({
-          key,
-          ...technique,
-          file: null,
-          line: null,
-          passed: null, // not applicable
-        });
-        continue;
+        notApplicable.push(entry);
+      } else {
+        applicable.push(entry);
       }
-
+    }
+    // Fast push for not-applicable techniques (no check() call needed).
+    for (let i = 0; i < notApplicable.length; i++) {
+      const [key, technique] = notApplicable[i];
+      results.push({
+        key,
+        ...technique,
+        file: null,
+        line: null,
+        passed: null,
+      });
+    }
+    // Hot loop: only applicable techniques.
+    for (const [key, technique] of applicable) {
       const passed = technique.check(ctx);
       let file = typeof technique.file === 'function' ? (technique.file(ctx) ?? null) : (technique.file ?? null);
       let line = typeof technique.line === 'function' ? (technique.line(ctx) ?? null) : (technique.line ?? null);
@@ -707,6 +753,61 @@ async function audit(options) {
   if (shallowRiskEnabled) {
     result.shallowRiskHints = runShallowRisk(ctx);
   }
+  // PROD-03: stale-reference HEADLINE — runs default-on (separately from
+  // the full shallow-risk pipeline) because the two new BUG-04 patterns
+  // (`agent-config-script-not-in-package-json` and
+  // `agent-config-framework-version-mismatch`) are deterministic, fast,
+  // and have near-zero FP. The user-lab found these are the highest-
+  // leverage user-visible value in this category (cursor-doctor /
+  // AgentLinter market signal); they shouldn't be gated behind a flag.
+  // Reuse the broader hint list when shallow-risk is already enabled.
+  if (shallowRiskOnly !== true) {
+    const STALE_REFERENCE_KEYS = new Set([
+      'agent-config-script-not-in-package-json',
+      'agent-config-framework-version-mismatch',
+    ]);
+    let staleHints;
+    if (shallowRiskEnabled && Array.isArray(result.shallowRiskHints)) {
+      staleHints = result.shallowRiskHints.filter((h) => STALE_REFERENCE_KEYS.has(h.key));
+    } else {
+      // Default-on mini-scan: run only the 2 stale-reference patterns.
+      try {
+        const minimalPatterns = [
+          require('./shallow-risk/patterns/agent-config-script-not-in-package-json'),
+          require('./shallow-risk/patterns/agent-config-framework-version-mismatch'),
+        ];
+        const { buildFinding } = require('./shallow-risk/shared');
+        staleHints = [];
+        for (const p of minimalPatterns) {
+          let raw = [];
+          try { raw = p.run(ctx) || []; } catch { raw = []; }
+          for (const f of raw) {
+            staleHints.push(buildFinding(p, ctx, f));
+          }
+        }
+      } catch {
+        staleHints = [];
+      }
+    }
+    if (staleHints && staleHints.length > 0) {
+      result.staleReferences = {
+        count: staleHints.length,
+        byKey: staleHints.reduce((acc, h) => {
+          acc[h.key] = (acc[h.key] || 0) + 1;
+          return acc;
+        }, {}),
+        topSample: staleHints.slice(0, 3).map((h) => ({
+          key: h.key,
+          file: h.file,
+          line: h.line,
+          fix: h.fix,
+        })),
+        headline: staleHints.length === 1
+          ? '1 stale reference found in agent docs.'
+          : `${staleHints.length} stale references found in agent docs.`,
+      };
+    }
+  }
   // Detect which AI config files are present
   const configFiles = [];
   const configChecks = [

package/src/auto-suggest.js

@@ -56,13 +56,20 @@ function analyzeSuggestions(dir) {
   let bootstrap = { ready: true, state: 'ready', message: null, steps: [] };
 
   if (totalEvents === 0 && auditSnapshots.length === 0) {
+    // BUG-07 fix: when feedback was just recorded but pattern events are 0,
+    // the user already ran `nerviq feedback` and got "No local usage..."
+    // back. After the activity.js fix, feedback now bumps usage-patterns,
+    // so this state means feedback never ran AT ALL. Be explicit about
+    // what's missing so the user doesn't think the loop is broken.
     bootstrap = {
       ready: false,
       state: 'empty',
-      message: 'No local usage or snapshot history exists yet.',
+      message: 'No local usage or snapshot history exists yet. Need at least 2 snapshots and/or 2 recorded outcomes per check before suggestions surface.',
+      missingSignals: ['snapshots', 'recorded-outcomes'],
+      threshold: { minEventsPerCheck: MIN_EVENTS, minSnapshotsForPriority: 2 },
       steps: [
         'Run `nerviq audit --snapshot` to save the baseline.',
-        'Use `nerviq fix`, `nerviq fix --all-critical`, or `nerviq feedback` to record recommendation outcomes.',
+        'Use `nerviq fix`, `nerviq fix --all-critical`, or `nerviq feedback --key <K> --status accepted` to record recommendation outcomes.',
         'Run `nerviq audit --snapshot` again after a meaningful repo change.',
         'Re-run `nerviq suggest-rules`.',
       ],

package/src/behavioral-drift.js

@@ -685,12 +685,29 @@ function analyzeBehavioralDrift(dir, options = {}) {
   const structuralSignals = buildStructuralSignals(dir, options);
   const intentSignals = collectIntentSignals(dir);
   const { findings, labels } = deriveBehavioralFindings(structuralSignals, intentSignals);
-  const score = buildBehavioralScore(structuralSignals, findings);
+
+  // BUG-05 fix: a perfect 100 alignment score on a repo with no source files
+  // is misleading — the buildBehavioralScore math starts at 100 and subtracts
+  // penalties; with zero structural signal there's nothing to subtract, so
+  // empty repos look "perfectly aligned." Surface insufficient-signal status
+  // explicitly instead of returning the bogus 100. Threshold: <5 source files
+  // is treated as insufficient signal (calibrated from the user-lab fixture
+  // where 0 source files returned 100).
+  const SUFFICIENT_SIGNAL_FLOOR = 5;
+  const insufficientSignal = structuralSignals.sourceFiles < SUFFICIENT_SIGNAL_FLOOR;
+
+  const score = insufficientSignal
+    ? null
+    : buildBehavioralScore(structuralSignals, findings);
 
   return {
     mode: 'behavioral-drift',
     scoreType: 'behavioral-alignment-score',
     score,
+    status: insufficientSignal ? 'insufficient-signal' : 'ok',
+    insufficientSignalReason: insufficientSignal
+      ? `Need ≥${SUFFICIENT_SIGNAL_FLOOR} source files to compute a meaningful alignment score; found ${structuralSignals.sourceFiles}.`
+      : null,
     scope: SCOPE_CONTRACT,
     repoSummary: {
       project: path.basename(dir),
@@ -703,7 +720,13 @@ function analyzeBehavioralDrift(dir, options = {}) {
     intentSignals,
     driftLabels: labels,
     findings,
-    nextSteps: buildBehavioralNextSteps(findings),
+    nextSteps: insufficientSignal
+      ? [{
+          key: 'add-source-code',
+          title: `Add at least ${SUFFICIENT_SIGNAL_FLOOR} source files before re-running behavioral review.`,
+          severity: 'low',
+        }]
+      : buildBehavioralNextSteps(findings),
   };
 }
 
@@ -713,6 +736,18 @@ function writeBehavioralSnapshot(dir, report, meta = {}) {
 
 function formatBehavioralReport(report, options = {}) {
   const lines = [];
+  // BUG-05 fix: handle insufficient-signal status — the score is null and a
+  // human-friendly explanation replaces the colored gauge.
+  if (report.status === 'insufficient-signal') {
+    lines.push('');
+    lines.push(c('  nerviq behavioral drift review', 'bold'));
+    lines.push(c('  ═══════════════════════════════════════', 'dim'));
+    lines.push(c('  Alignment score: insufficient signal', 'yellow'));
+    lines.push(c(`  ${report.insufficientSignalReason || 'Not enough source files to compute a meaningful score.'}`, 'dim'));
+    lines.push(c('  No score returned to avoid a misleading 100 on empty repos.', 'dim'));
+    lines.push('');
+    return lines.join('\n');
+  }
   const scoreColor = report.score >= 75 ? 'green' : report.score >= 55 ? 'yellow' : 'red';
 
   lines.push('');

package/src/codex/freshness.js

@@ -75,6 +75,13 @@ const P0_SOURCES = [
     stalenessThresholdDays: 14,
     verifiedAt: '2026-04-07',
   },
+  {
+    key: 'codex-models-docs',
+    label: 'Codex Supported Models',
+    url: 'https://developers.openai.com/codex/models',
+    stalenessThresholdDays: 14,
+    verifiedAt: '2026-04-16',
+  },
 ];
 
 /**

package/src/copilot/freshness.js

@@ -97,6 +97,13 @@ const P0_SOURCES = [
     stalenessThresholdDays: 30,
     verifiedAt: '2026-04-07',
   },
+  {
+    key: 'copilot-models-docs',
+    label: 'Copilot Supported AI Models',
+    url: 'https://docs.github.com/en/copilot/reference/ai-models/supported-models',
+    stalenessThresholdDays: 14,
+    verifiedAt: '2026-04-16',
+  },
 ];
 
 /**

package/src/freshness.js

@@ -98,6 +98,13 @@ const P0_SOURCES = [
     stalenessThresholdDays: 14,
     verifiedAt: '2026-04-07',
   },
+  {
+    key: 'anthropic-models-overview',
+    label: 'Anthropic Claude Models Overview',
+    url: 'https://platform.claude.com/docs/en/docs/about-claude/models',
+    stalenessThresholdDays: 14,
+    verifiedAt: '2026-04-16',
+  },
 ];
 
 /**