@nforma.ai/nforma 0.2.1 → 0.28.0

package/bin/run-installer-alloy.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 'use strict';
 // bin/run-installer-alloy.cjs
-// Invokes Alloy 6 JAR headless for QGSD installer and taxonomy specs (GAP-7, GAP-8).
+// Invokes Alloy 6 JAR headless for nForma installer and taxonomy specs (GAP-7, GAP-8).
 // Requirements: GAP-7, GAP-8
 //
 // Usage:
@@ -16,7 +16,7 @@
 //   - .planning/formal/alloy/org.alloytools.alloy.dist.jar (see VERIFICATION_TOOLS.md for download)
 
 const { spawnSync } = require('child_process');
-const JAVA_HEAP_MAX = process.env.QGSD_JAVA_HEAP_MAX || '512m';
+const JAVA_HEAP_MAX = process.env.NF_JAVA_HEAP_MAX || '512m';
 const fs   = require('fs');
 const path = require('path');
 const { writeCheckResult } = require('./write-check-result.cjs');

package/bin/run-oscillation-tlc.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 'use strict';
 // bin/run-oscillation-tlc.cjs
-// Invokes TLC model checker for QGSD oscillation and convergence TLA+ specifications.
+// Invokes TLC model checker for nForma oscillation and convergence TLA+ specifications.
 // Requirements: GAP-1, GAP-5
 //
 // Usage:
@@ -14,7 +14,7 @@
 //   - .planning/formal/tla/tla2tools.jar (see .planning/formal/tla/README.md for download command)
 
 const { spawnSync } = require('child_process');
-const JAVA_HEAP_MAX = process.env.QGSD_JAVA_HEAP_MAX || '512m';
+const JAVA_HEAP_MAX = process.env.NF_JAVA_HEAP_MAX || '512m';
 const fs   = require('fs');
 const path = require('path');
 const { writeCheckResult } = require('./write-check-result.cjs');
@@ -129,8 +129,8 @@ if (!fs.existsSync(jarPath)) {
 
 // ── 4. Resolve spec and config paths ─────────────────────────────────────────
 const specFileName = configName === 'MCoscillation'
-  ? 'QGSDOscillation.tla'
-  : 'QGSDConvergence.tla';
+  ? 'NFOscillation.tla'
+  : 'NFConvergence.tla';
 const specPath = path.join(ROOT, '.planning', 'formal', 'tla', specFileName);
 const cfgPath  = path.join(ROOT, '.planning', 'formal', 'tla', configName + '.cfg');
 

package/bin/run-phase-tlc.cjs

@@ -15,7 +15,7 @@
 // NOTE: Uses spawnSync (no shell) for safe subprocess invocation -- no exec().
 
 const { spawnSync } = require('child_process');
-const JAVA_HEAP_MAX = process.env.QGSD_JAVA_HEAP_MAX || '512m';
+const JAVA_HEAP_MAX = process.env.NF_JAVA_HEAP_MAX || '512m';
 const fs   = require('fs');
 const path = require('path');
 

package/bin/run-protocol-tlc.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 'use strict';
 // bin/run-protocol-tlc.cjs
-// Invokes TLC model checker for QGSD protocol termination TLA+ specifications.
+// Invokes TLC model checker for nForma protocol termination TLA+ specifications.
 // Requirements: GAP-2, GAP-6
 //
 // Usage:
@@ -14,7 +14,7 @@
 //   - .planning/formal/tla/tla2tools.jar (see .planning/formal/tla/README.md for download command)
 
 const { spawnSync } = require('child_process');
-const JAVA_HEAP_MAX = process.env.QGSD_JAVA_HEAP_MAX || '512m';
+const JAVA_HEAP_MAX = process.env.NF_JAVA_HEAP_MAX || '512m';
 const fs   = require('fs');
 const path = require('path');
 const { writeCheckResult } = require('./write-check-result.cjs');
@@ -129,8 +129,8 @@ if (!fs.existsSync(jarPath)) {
 
 // ── 4. Resolve spec and config paths ─────────────────────────────────────────
 const specFileName = configName === 'MCdeliberation'
-  ? 'QGSDDeliberation.tla'
-  : 'QGSDPreFilter.tla';
+  ? 'NFDeliberation.tla'
+  : 'NFPreFilter.tla';
 const specPath = path.join(ROOT, '.planning', 'formal', 'tla', specFileName);
 const cfgPath  = path.join(ROOT, '.planning', 'formal', 'tla', configName + '.cfg');
 

package/bin/run-quorum-composition-alloy.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 'use strict';
 // bin/run-quorum-composition-alloy.cjs
-// Invokes Alloy 6 JAR headless for the QGSD quorum composition model.
+// Invokes Alloy 6 JAR headless for the nForma quorum composition model.
 // Requirements: SPEC-03
 //
 // Usage:
@@ -12,7 +12,7 @@
 //   - .planning/formal/alloy/org.alloytools.alloy.dist.jar (see VERIFICATION_TOOLS.md for download)
 
 const { spawnSync } = require('child_process');
-const JAVA_HEAP_MAX = process.env.QGSD_JAVA_HEAP_MAX || '512m';
+const JAVA_HEAP_MAX = process.env.NF_JAVA_HEAP_MAX || '512m';
 const fs   = require('fs');
 const path = require('path');
 const { writeCheckResult } = require('./write-check-result.cjs');

package/bin/run-sensitivity-sweep.cjs

@@ -13,7 +13,7 @@
 // Always exits 0.
 
 const { spawnSync } = require('child_process');
-const JAVA_HEAP_MAX = process.env.QGSD_JAVA_HEAP_MAX || '512m';
+const JAVA_HEAP_MAX = process.env.NF_JAVA_HEAP_MAX || '512m';
 const fs   = require('fs');
 const path = require('path');
 const os   = require('os');
@@ -67,7 +67,7 @@ function runTLCSweep(maxSize) {
   const overrideCfg = baseCfg.replace(/MaxSize\s*=\s*\d+/, 'MaxSize = ' + maxSize);
   fs.writeFileSync(tmpCfg, overrideCfg, 'utf8');
 
-  const tlaFile = path.join(__dirname, '..', '.planning', 'formal', 'tla', 'QGSDQuorum.tla');
+  const tlaFile = path.join(__dirname, '..', '.planning', 'formal', 'tla', 'NFQuorum.tla');
   process.stderr.write('[heap] Xms=64m Xmx=' + JAVA_HEAP_MAX + '\n');
   const javaResult = spawnSync('java', [
     '-Xms64m', '-Xmx' + JAVA_HEAP_MAX,

package/bin/run-stop-hook-tlc.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 'use strict';
 // bin/run-stop-hook-tlc.cjs
-// Invokes TLC model checker for the QGSD Stop hook TLA+ specification.
+// Invokes TLC model checker for the nForma Stop hook TLA+ specification.
 // Requirements: SPEC-01
 //
 // Usage:
@@ -13,7 +13,7 @@
 //   - .planning/formal/tla/tla2tools.jar (see .planning/formal/tla/README.md for download command)
 
 const { spawnSync } = require('child_process');
-const JAVA_HEAP_MAX = process.env.QGSD_JAVA_HEAP_MAX || '512m';
+const JAVA_HEAP_MAX = process.env.NF_JAVA_HEAP_MAX || '512m';
 const fs   = require('fs');
 const path = require('path');
 const { writeCheckResult } = require('./write-check-result.cjs');
@@ -118,7 +118,7 @@ if (!fs.existsSync(jarPath)) {
 }
 
 // ── 4. Resolve spec and config paths ─────────────────────────────────────────
-const specPath = path.join(ROOT, '.planning', 'formal', 'tla', 'QGSDStopHook.tla');
+const specPath = path.join(ROOT, '.planning', 'formal', 'tla', 'NFStopHook.tla');
 const cfgPath  = path.join(ROOT, '.planning', 'formal', 'tla', configName + '.cfg');
 
 // LivenessProperty1/2/3 requires -workers 1 (TLC multi-worker liveness bug in v1.8.0)

package/bin/run-tlc.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 'use strict';
 // bin/run-tlc.cjs
-// Invokes TLC model checker for the QGSD formal TLA+ specification.
+// Invokes TLC model checker for the nForma formal TLA+ specification.
 // Requirements: TLA-04
 //
 // Usage:
@@ -14,7 +14,7 @@
 //   - .planning/formal/tla/tla2tools.jar (see .planning/formal/tla/README.md for download command)
 
 const { spawnSync } = require('child_process');
-const JAVA_HEAP_MAX = process.env.QGSD_JAVA_HEAP_MAX || '512m';
+const JAVA_HEAP_MAX = process.env.NF_JAVA_HEAP_MAX || '512m';
 const fs   = require('fs');
 const path = require('path');
 const { writeCheckResult } = require('./write-check-result.cjs');
@@ -298,52 +298,52 @@ if (require.main === module) {
   // Map config names to their corresponding spec files.
   // Static map for known exceptions; auto-discovery handles the rest.
   const SPEC_MAP = {
-    'MCMCPEnv':              'QGSDMCPEnv.tla',
-    'MCsafety':              'QGSDQuorum.tla',
-    'MCliveness':            'QGSDQuorum.tla',
-    'MCQGSDQuorum':          'QGSDQuorum_xstate.tla',
-    'MCrecruiting-liveness': 'QGSDRecruiting.tla',
-    'MCrecruiting-safety':   'QGSDRecruiting.tla',
+    'MCMCPEnv':              'NFMCPEnv.tla',
+    'MCsafety':              'NFQuorum.tla',
+    'MCliveness':            'NFQuorum.tla',
+    'MCNFQuorum':          'NFQuorum_xstate.tla',
+    'MCrecruiting-liveness': 'NFRecruiting.tla',
+    'MCrecruiting-safety':   'NFRecruiting.tla',
     'MCTUINavigation':       'TUINavigation.tla',
   };
 
-  // Auto-discover spec file: (1) check SPEC_MAP, (2) scan cfg header for QGSD*.tla ref,
-  // (3) try naming conventions, (4) fall back to QGSDQuorum.tla
+  // Auto-discover spec file: (1) check SPEC_MAP, (2) scan cfg header for nForma*.tla ref,
+  // (3) try naming conventions, (4) fall back to NFQuorum.tla
   function resolveSpecFile(cfgName) {
     if (SPEC_MAP[cfgName]) return SPEC_MAP[cfgName];
 
     const tlaDir = path.join(ROOT, '.planning', 'formal', 'tla');
 
-    // Strategy 1: read cfg header for QGSD*.tla reference (with or without .tla suffix)
+    // Strategy 1: read cfg header for nForma*.tla reference (with or without .tla suffix)
     try {
       const cfgContent = fs.readFileSync(path.join(tlaDir, cfgName + '.cfg'), 'utf8');
       const headerLines = cfgContent.split('\n').slice(0, 5).join('\n');
-      // Match QGSD*.tla or "for QGSD*." (without .tla extension)
-      const refMatch = headerLines.match(/QGSD\w+\.tla/) || headerLines.match(/QGSD\w+/);
+      // Match NF*.tla or "for nForma*." (without .tla extension)
+      const refMatch = headerLines.match(/NF\w+\.tla/) || headerLines.match(/NF\w+/);
       if (refMatch) {
         const candidate = refMatch[0].endsWith('.tla') ? refMatch[0] : refMatch[0] + '.tla';
         if (fs.existsSync(path.join(tlaDir, candidate))) return candidate;
       }
     } catch (_) { /* fall through */ }
 
-    // Strategy 2: naming convention — strip MC prefix, normalize hyphens, find matching QGSD*.tla
+    // Strategy 2: naming convention — strip MC prefix, normalize hyphens, find matching NF*.tla
     const stripped = cfgName.replace(/^MC/, '').toLowerCase().replace(/-/g, '');
     try {
       const allTla = fs.readdirSync(tlaDir).filter(f => f.endsWith('.tla') && !f.includes('TTrace'));
-      const qgsdFiles = allTla.filter(f => f.startsWith('QGSD'));
+      const nfFiles = allTla.filter(f => f.startsWith('NF'));
       const normalize = (s) => s.toLowerCase().replace(/-/g, '');
-      // Exact match against QGSD-prefixed files
-      const match = qgsdFiles.find(f => normalize(f.replace('QGSD', '').replace('.tla', '')) === stripped);
+      // Exact match against nForma-prefixed files
+      const match = nfFiles.find(f => normalize(f.replace('NF', '').replace('.tla', '')) === stripped);
       if (match) return match;
-      // Fuzzy substring match against QGSD-prefixed files
-      const fuzzy = qgsdFiles.find(f => normalize(f).includes(stripped));
+      // Fuzzy substring match against nForma-prefixed files
+      const fuzzy = nfFiles.find(f => normalize(f).includes(stripped));
       if (fuzzy) return fuzzy;
-      // Fallback: check non-QGSD-prefixed files (exact match on stripped name)
+      // Fallback: check non-nForma-prefixed files (exact match on stripped name)
       const nonPrefixed = allTla.find(f => normalize(f.replace('.tla', '')) === stripped);
       if (nonPrefixed) return nonPrefixed;
     } catch (_) { /* fall through */ }
 
-    return 'QGSDQuorum.tla';
+    return 'NFQuorum.tla';
   }
 
   const specFile = resolveSpecFile(configName);

package/bin/run-transcript-alloy.cjs

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 'use strict';
 // bin/run-transcript-alloy.cjs
-// Invokes Alloy 6 JAR headless for QGSD transcript scanning spec (GAP-4).
+// Invokes Alloy 6 JAR headless for nForma transcript scanning spec (GAP-4).
 // Requirements: GAP-4
 //
 // Usage:
@@ -15,7 +15,7 @@
 //   - .planning/formal/alloy/org.alloytools.alloy.dist.jar (see VERIFICATION_TOOLS.md for download)
 
 const { spawnSync } = require('child_process');
-const JAVA_HEAP_MAX = process.env.QGSD_JAVA_HEAP_MAX || '512m';
+const JAVA_HEAP_MAX = process.env.NF_JAVA_HEAP_MAX || '512m';
 const fs   = require('fs');
 const path = require('path');
 const { writeCheckResult } = require('./write-check-result.cjs');

package/bin/secrets.cjs

@@ -2,9 +2,9 @@
 const os = require('os');
 const fs = require('fs');
 const path = require('path');
-const SERVICE = 'qgsd';
+const SERVICE = 'nforma';
 
-const INDEX_PATH = path.join(os.homedir(), '.claude', 'qgsd-key-index.json');
+const INDEX_PATH = path.join(os.homedir(), '.claude', 'nf-key-index.json');
 
 // Read the key index (no keychain access needed — just a JSON file)
 function readIndex() {
@@ -84,7 +84,7 @@ async function syncToClaudeJson(service) {
   try {
     credentials = await list(service);
   } catch (e) {
-    process.stderr.write('[qgsd-secrets] keytar unavailable: ' + e.message + '\n');
+    process.stderr.write('[nf-secrets] keytar unavailable: ' + e.message + '\n');
     return;
   }
 
@@ -100,7 +100,7 @@ async function syncToClaudeJson(service) {
   try {
     raw = fs.readFileSync(claudeJsonPath, 'utf8');
   } catch (e) {
-    process.stderr.write('[qgsd-secrets] ~/.claude.json not found, skipping sync\n');
+    process.stderr.write('[nf-secrets] ~/.claude.json not found, skipping sync\n');
     return;
   }
 
@@ -108,7 +108,7 @@ async function syncToClaudeJson(service) {
   try {
     claudeJson = JSON.parse(raw);
   } catch (e) {
-    process.stderr.write('[qgsd-secrets] ~/.claude.json is invalid JSON, skipping sync\n');
+    process.stderr.write('[nf-secrets] ~/.claude.json is invalid JSON, skipping sync\n');
     return;
   }
 

package/bin/security-sweep.cjs

@@ -0,0 +1,238 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * bin/security-sweep.cjs — Standalone security scanner for nForma.
+ *
+ * Scans git-tracked files for hardcoded secrets, debug artifacts, and API keys.
+ * Produces structured findings with file:line references for VERIFICATION.md.
+ *
+ * Advisory only — exit code 0 always. Never blocks.
+ *
+ * Exports: SECRET_PATTERNS, scanFile, scanDirectory, formatReport
+ * CLI: node bin/security-sweep.cjs [--json] [--cwd /path]
+ */
+
+const fs = require('fs');
+const path = require('path');
+// spawnSync is used (not exec) to avoid shell injection — arguments are passed as an array
+const { spawnSync } = require('child_process');
+
+// ─── Secret Patterns ────────────────────────────────────────────────────────
+
+const SECRET_PATTERNS = [
+  { name: 'AWS Access Key', pattern: /AKIA[A-Z0-9]{16}/, severity: 'high' },
+  { name: 'GitHub Token', pattern: /gh[ps]_[A-Za-z0-9_]{36,}/, severity: 'high' },
+  { name: 'GitHub PAT', pattern: /github_pat_[A-Za-z0-9_]{22,}/, severity: 'high' },
+  { name: 'Stripe Live Key', pattern: /[sr]k_live_[A-Za-z0-9]{20,}/, severity: 'high' },
+  { name: 'OpenAI Key', pattern: /sk-[A-Za-z0-9]{32,}/, severity: 'high' },
+  { name: 'Generic API Key Assignment', pattern: /(?:api[_-]?key|apikey)\s*[:=]\s*['"][^'"]{10,}['"]/i, severity: 'medium' },
+  { name: 'Generic Secret Assignment', pattern: /(?:secret|password)\s*[:=]\s*['"][^'"]{8,}['"]/i, severity: 'medium' },
+  { name: 'Debugger Statement', pattern: /^\s*debugger\s*;?\s*$/, severity: 'low' },
+  { name: 'Sensitive Console.log', pattern: /console\.log\(.*(?:password|secret|token|key|api_key)/i, severity: 'low' },
+];
+
+// Words that indicate a line is a test fixture / not a real secret
+const TEST_INDICATOR_WORDS = ['test', 'mock', 'fake', 'example', 'dummy', 'fixture', 'placeholder', 'todo'];
+
+// File patterns to exclude from scanning
+const EXCLUDE_PATTERNS = [
+  /\.test\./,
+  /\.spec\./,
+  /security-sweep\.cjs$/,
+  /\.md$/,
+  /\.json$/,
+  /\.jsonl$/,
+  /node_modules\//,
+  /\.planning\/\.quorum-cache\//,
+  /package-lock\.json$/,
+];
+
+// ─── scanFile ────────────────────────────────────────────────────────────────
+
+/**
+ * Scan file content line-by-line against SECRET_PATTERNS.
+ * @param {string} filePath - Relative or absolute file path (for reporting).
+ * @param {string} content  - File content to scan.
+ * @returns {Array<{file:string, line:number, column:number, pattern_name:string, severity:string, match:string}>}
+ */
+function scanFile(filePath, content) {
+  if (!content || typeof content !== 'string') return [];
+
+  // Skip binary content (null bytes in first 512 chars)
+  if (content.slice(0, 512).includes('\0')) return [];
+
+  const findings = [];
+  const lines = content.split('\n');
+
+  for (let i = 0; i < lines.length; i++) {
+    const line = lines[i];
+    const lineLower = line.toLowerCase();
+
+    // Skip lines containing test indicator words
+    if (TEST_INDICATOR_WORDS.some(w => lineLower.includes(w))) continue;
+
+    for (const pat of SECRET_PATTERNS) {
+      const m = pat.pattern.exec(line);
+      if (m) {
+        findings.push({
+          file: filePath,
+          line: i + 1,
+          column: m.index + 1,
+          pattern_name: pat.name,
+          severity: pat.severity,
+          match: m[0].length > 40 ? m[0].slice(0, 37) + '...' : m[0],
+        });
+      }
+    }
+  }
+
+  return findings;
+}
+
+// ─── scanDirectory ───────────────────────────────────────────────────────────
+
+/**
+ * Scan git-tracked files in a directory.
+ * @param {string} cwd - Working directory to scan.
+ * @param {Object} [options]
+ * @param {string[]} [options.excludePatterns] - Additional glob patterns to exclude.
+ * @param {number}   [options.maxFiles=500]    - Max files to scan.
+ * @returns {{findings: Array, files_scanned: number, duration_ms: number}}
+ */
+function scanDirectory(cwd, options = {}) {
+  const maxFiles = options.maxFiles || 500;
+  const startTime = Date.now();
+
+  // Get tracked files via git ls-files (spawnSync, not exec — no shell injection)
+  let files = [];
+  try {
+    const result = spawnSync('git', ['ls-files'], {
+      cwd,
+      encoding: 'utf8',
+      timeout: 5000,
+    });
+    if (result.status === 0 && result.stdout) {
+      files = result.stdout.split('\n').filter(f => f.trim());
+    }
+  } catch (_) {
+    return { findings: [], files_scanned: 0, duration_ms: Date.now() - startTime };
+  }
+
+  // Filter out excluded patterns
+  files = files.filter(f => !EXCLUDE_PATTERNS.some(rx => rx.test(f)));
+
+  // Apply additional exclude patterns from options
+  if (options.excludePatterns && Array.isArray(options.excludePatterns)) {
+    for (const pat of options.excludePatterns) {
+      try {
+        const rx = new RegExp(pat);
+        files = files.filter(f => !rx.test(f));
+      } catch (_) {}
+    }
+  }
+
+  // Cap file count
+  if (files.length > maxFiles) {
+    files = files.slice(0, maxFiles);
+  }
+
+  const allFindings = [];
+  let scanned = 0;
+
+  for (const relPath of files) {
+    const absPath = path.join(cwd, relPath);
+    try {
+      const content = fs.readFileSync(absPath, 'utf8');
+      // Skip binary files (null bytes in first 512 bytes)
+      if (content.slice(0, 512).includes('\0')) continue;
+      scanned++;
+      const findings = scanFile(relPath, content);
+      allFindings.push(...findings);
+    } catch (_) {
+      // Skip unreadable files silently
+    }
+  }
+
+  return {
+    findings: allFindings,
+    files_scanned: scanned,
+    duration_ms: Date.now() - startTime,
+  };
+}
+
+// ─── formatReport ────────────────────────────────────────────────────────────
+
+/**
+ * Format scan results as a markdown section for VERIFICATION.md.
+ * @param {{findings: Array, files_scanned: number, duration_ms: number}} scanResult
+ * @returns {string}
+ */
+function formatReport(scanResult) {
+  const { findings, files_scanned, duration_ms } = scanResult;
+  const lines = [];
+
+  lines.push('## Security Sweep');
+  lines.push('');
+  lines.push(`**Scanned:** ${files_scanned} files in ${duration_ms}ms`);
+
+  if (!findings || findings.length === 0) {
+    lines.push('**Findings:** 0');
+    lines.push('');
+    lines.push('No hardcoded secrets, debug artifacts, or API keys detected.');
+    return lines.join('\n');
+  }
+
+  const high = findings.filter(f => f.severity === 'high').length;
+  const medium = findings.filter(f => f.severity === 'medium').length;
+  const low = findings.filter(f => f.severity === 'low').length;
+
+  lines.push(`**Findings:** ${findings.length} (${high} high, ${medium} medium, ${low} low)`);
+  lines.push('');
+  lines.push('| Severity | File | Line | Pattern | Match |');
+  lines.push('|----------|------|------|---------|-------|');
+
+  for (const f of findings) {
+    lines.push(`| ${f.severity} | ${f.file} | ${f.line} | ${f.pattern_name} | ${f.match} |`);
+  }
+
+  lines.push('');
+  lines.push('_Advisory: Review findings and confirm whether they are genuine secrets or false positives._');
+
+  return lines.join('\n');
+}
+
+// ─── CLI ─────────────────────────────────────────────────────────────────────
+
+if (require.main === module) {
+  const args = process.argv.slice(2);
+  const jsonFlag = args.includes('--json');
+  const cwdIdx = args.indexOf('--cwd');
+  const cwd = cwdIdx >= 0 && args[cwdIdx + 1] ? args[cwdIdx + 1] : process.cwd();
+
+  const result = scanDirectory(cwd);
+
+  if (jsonFlag) {
+    process.stdout.write(JSON.stringify(result, null, 2) + '\n');
+  } else {
+    process.stdout.write(formatReport(result) + '\n');
+  }
+
+  // Log conformance event (best-effort)
+  try {
+    const planningPaths = require('./planning-paths.cjs');
+    const conformancePath = planningPaths.resolveWithFallback(cwd, 'conformance-events');
+    const event = {
+      ts: new Date().toISOString(),
+      action: 'security_sweep',
+      files_scanned: result.files_scanned,
+      findings_count: result.findings.length,
+      duration_ms: result.duration_ms,
+    };
+    fs.appendFileSync(conformancePath, JSON.stringify(event) + '\n');
+  } catch (_) {}
+
+  process.exit(0);
+}
+
+module.exports = { SECRET_PATTERNS, scanFile, scanDirectory, formatReport };

package/bin/sensitivity-report.cjs

@@ -22,7 +22,7 @@ const REPORT_MD_PATH = process.env.SENSITIVITY_MD_PATH ||
 
 const PARAM_ANNOTATIONS = {
   MaxSize: {
-    codePath: 'hooks/qgsd-prompt.js FAN_OUT_COUNT; .planning/formal/tla/MCsafety.cfg MaxSize',
+    codePath: 'hooks/nf-prompt.js FAN_OUT_COUNT; .planning/formal/tla/MCsafety.cfg MaxSize',
     testCases: [
       'Test quorum at N=2 boundary: set FAN_OUT_COUNT=2 in providers.json and run quorum round',
       'Test quorum at N=1 (no quorum): verify workflow rejects insufficient available slots',
@@ -44,7 +44,7 @@ const PARAM_ANNOTATIONS = {
     ],
   },
   MaxDeliberation: {
-    codePath: '.planning/formal/tla/MCsafety.cfg MaxDeliberation=7; src/machines/qgsd-workflow.machine.ts MaxDeliberation guard',
+    codePath: '.planning/formal/tla/MCsafety.cfg MaxDeliberation=7; src/machines/nf-workflow.machine.ts MaxDeliberation guard',
     testCases: [
       'Test quorum workflow with max deliberation rounds reached — verify DECIDED fallback',
       'Test rapid-fire slot responses (all within 1 deliberation round)',
@@ -89,7 +89,7 @@ function parseNDJSON(filePath) {
 function generateReport(records) {
   const now = new Date().toISOString();
   const lines = [
-    '# Sensitivity Report — QGSD v0.20',
+    '# Sensitivity Report — nForma v0.20',
     '',
     'Generated: ' + now,
     'Source: .planning/formal/sensitivity-report.ndjson (' + records.length + ' records)',

package/bin/set-secret.cjs

@@ -4,8 +4,8 @@
  * set-secret.cjs
  * Usage: node bin/set-secret.cjs <KEY_NAME> <value>
  *
- * Stores KEY_NAME=value in the OS keychain under service "qgsd",
- * then syncs all qgsd secrets into ~/.claude.json mcpServers env blocks.
+ * Stores KEY_NAME=value in the OS keychain under service "nforma",
+ * then syncs all nforma secrets into ~/.claude.json mcpServers env blocks.
  */
 const { set, syncToClaudeJson, SERVICE } = require('./secrets.cjs');
 
@@ -19,11 +19,11 @@ const value = valueParts.join(' ');
 (async () => {
   try {
     await set(SERVICE, keyName, value);
-    console.log(`[qgsd] Stored ${keyName} in keychain (service: ${SERVICE})`);
+    console.log(`[nf] Stored ${keyName} in keychain (service: ${SERVICE})`);
     await syncToClaudeJson(SERVICE);
-    console.log('[qgsd] Synced keychain secrets to ~/.claude.json');
+    console.log('[nf] Synced keychain secrets to ~/.claude.json');
   } catch (e) {
-    console.error('[qgsd] Error:', e.message);
+    console.error('[nf] Error:', e.message);
     process.exit(1);
   }
 })();

package/bin/setup-telemetry-cron.sh

@@ -26,11 +26,11 @@ if crontab -l 2>/dev/null | grep -q "telemetry-collector"; then
 fi
 
 # Install cron entry: top of every hour
-(crontab -l 2>/dev/null; echo "0 * * * * $CRON_CMD >> /tmp/qgsd-telemetry.log 2>&1") | crontab -
+(crontab -l 2>/dev/null; echo "0 * * * * $CRON_CMD >> /tmp/nf-telemetry.log 2>&1") | crontab -
 
 echo "Telemetry cron installed."
 
 # Windows: use Task Scheduler. Create a Basic Task that runs:
-#   node C:\path\to\qgsd\bin\telemetry-collector.cjs
-# followed by: node C:\path\to\qgsd\bin\issue-classifier.cjs
+#   node C:\path\to\nforma\bin\telemetry-collector.cjs
+# followed by: node C:\path\to\nforma\bin\issue-classifier.cjs
 # Trigger: Daily, repeat every 1 hour indefinitely.