@nforma.ai/nforma 0.2.1 → 0.29.0

package/bin/build-layer-manifest.cjs

@@ -0,0 +1,153 @@
+#!/usr/bin/env node
+'use strict';
+// bin/build-layer-manifest.cjs
+// Classifies all formal models in model-registry.json into L1/L2/L3 layers
+// and generates layer-manifest.json. Extends model-registry.json with
+// source_layer, gate_maturity, and layer_maturity fields per model.
+//
+// Requirements: INTG-01, INTG-05, INTG-06
+
+const fs   = require('fs');
+const path = require('path');
+
+const ROOT = process.env.PROJECT_ROOT || path.join(__dirname, '..');
+const REGISTRY_PATH = path.join(ROOT, '.planning', 'formal', 'model-registry.json');
+const MANIFEST_PATH = path.join(ROOT, '.planning', 'formal', 'layer-manifest.json');
+const SPEC_DIR = path.join(ROOT, '.planning', 'formal', 'spec');
+
+const JSON_FLAG = process.argv.includes('--json');
+
+// ── Classification rules ────────────────────────────────────────────────────
+
+/**
+ * Classify a model path into L1, L2, or L3.
+ *
+ * L3 (Reasoning): formalism "tla", "alloy", "prism", "uppaal"; files in tla/, alloy/, prism/ directories
+ * L2 (Semantics): spec/invariants.md files; XState machine definition; assumption-gaps.md
+ * L1 (Evidence): formalism "trace" or "redaction"; conformance-events.jsonl; debt.json; observe-handler outputs
+ */
+function classifyModel(modelPath) {
+  const normalized = modelPath.replace(/\\/g, '/');
+
+  // L3: files in tla/, alloy/, prism/ directories or with those extensions
+  if (/\/(tla|alloy|prism)\//.test(normalized)) return 'L3';
+  if (/\.(tla|als|pm)$/.test(normalized)) return 'L3';
+
+  // L2: spec/*/invariants.md, xstate machine definitions, assumption-gaps
+  if (/\/spec\/[^/]+\/invariants\.md$/.test(normalized)) return 'L2';
+  if (/xstate|machine\.js|machine\.ts/.test(normalized)) return 'L2';
+  if (/assumption-gaps/.test(normalized)) return 'L2';
+
+  // L1: trace, redaction, conformance-events, debt, observe-handler
+  if (/conformance-events/.test(normalized)) return 'L1';
+  if (/debt\.json/.test(normalized)) return 'L1';
+  if (/observe-handler/.test(normalized)) return 'L1';
+  if (/trace|redaction/.test(normalized)) return 'L1';
+
+  // Fallback: classify by check-result formalism if available
+  return 'L1'; // default to L1 (evidence)
+}
+
+/**
+ * Determine layer_maturity for a model.
+ * Level 0: ungrounded (default)
+ * Level 1: has L2 semantic declarations (spec invariants.md exists for related module)
+ */
+function computeLayerMaturity(modelPath, specModules) {
+  const normalized = modelPath.replace(/\\/g, '/');
+  // Check if any spec module name appears in the model path
+  for (const mod of specModules) {
+    if (normalized.toLowerCase().includes(mod.toLowerCase())) {
+      return 1;
+    }
+  }
+  return 0;
+}
+
+// ── Main ────────────────────────────────────────────────────────────────────
+
+function main() {
+  // Read registry
+  const registry = JSON.parse(fs.readFileSync(REGISTRY_PATH, 'utf8'));
+  const models = registry.models;
+  const modelPaths = Object.keys(models);
+
+  // Discover spec modules with invariants.md
+  const specModules = [];
+  if (fs.existsSync(SPEC_DIR)) {
+    for (const entry of fs.readdirSync(SPEC_DIR, { withFileTypes: true })) {
+      if (entry.isDirectory()) {
+        const invPath = path.join(SPEC_DIR, entry.name, 'invariants.md');
+        if (fs.existsSync(invPath)) {
+          specModules.push(entry.name);
+        }
+      }
+    }
+  }
+
+  // Classify each model and extend registry
+  const layers = { L1: [], L2: [], L3: [] };
+  const maturityDist = { 0: 0, 1: 0 };
+
+  for (const modelPath of modelPaths) {
+    const layer = classifyModel(modelPath);
+    const layerMaturity = computeLayerMaturity(modelPath, specModules);
+    const gateMat = 'ADVISORY';
+
+    // Extend registry entry
+    models[modelPath].source_layer = layer;
+    models[modelPath].gate_maturity = gateMat;
+    models[modelPath].layer_maturity = layerMaturity;
+
+    // Add to manifest layers
+    layers[layer].push({
+      path: modelPath,
+      description: models[modelPath].description || '',
+      grounding_status: layerMaturity > 0 ? 'has_semantic_declarations' : 'ungrounded'
+    });
+
+    maturityDist[layerMaturity] = (maturityDist[layerMaturity] || 0) + 1;
+  }
+
+  // Write updated model-registry.json
+  registry.last_sync = new Date().toISOString();
+  fs.writeFileSync(REGISTRY_PATH, JSON.stringify(registry, null, 2) + '\n', 'utf8');
+
+  // Generate layer-manifest.json
+  const manifest = {
+    schema_version: '1',
+    generated: new Date().toISOString(),
+    layers,
+    gate_relationships: {
+      A: { from: 'L1', to: 'L2', description: 'Evidence grounds semantic declarations' },
+      B: { from: 'L2', to: 'L3', description: 'Semantic declarations trace to reasoning models' },
+      C: { from: 'L3', to: 'TC', description: 'Reasoning models prove traceability completeness' }
+    },
+    summary: {
+      total_models: modelPaths.length,
+      L1_count: layers.L1.length,
+      L2_count: layers.L2.length,
+      L3_count: layers.L3.length,
+      maturity_distribution: maturityDist,
+      spec_modules_with_invariants: specModules.length
+    }
+  };
+
+  fs.writeFileSync(MANIFEST_PATH, JSON.stringify(manifest, null, 2) + '\n', 'utf8');
+
+  // Output
+  if (JSON_FLAG) {
+    console.log(JSON.stringify(manifest, null, 2));
+  } else {
+    console.log(`Layer Manifest Generated`);
+    console.log(`  Total models: ${modelPaths.length}`);
+    console.log(`  L1 (Evidence):  ${layers.L1.length}`);
+    console.log(`  L2 (Semantics): ${layers.L2.length}`);
+    console.log(`  L3 (Reasoning): ${layers.L3.length}`);
+    console.log(`  Maturity 0 (ungrounded): ${maturityDist[0] || 0}`);
+    console.log(`  Maturity 1 (has semantics): ${maturityDist[1] || 0}`);
+    console.log(`  Spec modules with invariants: ${specModules.length}`);
+  }
+}
+
+main();

package/bin/call-quorum-slot.cjs

@@ -16,7 +16,7 @@
  * Reads providers.json, dispatches to the slot's CLI (subprocess) or HTTP provider,
  * prints the response text to stdout.
  *
- * Used by qgsd-quorum-orchestrator (sub-agent) which cannot access MCP tools.
+ * Used by nf-quorum-orchestrator (sub-agent) which cannot access MCP tools.
  *
  * Exit codes: 0 = success, 1 = error (message on stderr)
  */
@@ -205,8 +205,8 @@ if (!slot) {
 // ─── Find providers.json ───────────────────────────────────────────────────────
 function findProviders() {
   const searchPaths = [
-    path.join(__dirname, 'providers.json'),                             // same dir (qgsd-bin)
-    path.join(os.homedir(), '.claude', 'qgsd-bin', 'providers.json'),  // installed fallback
+    path.join(__dirname, 'providers.json'),                             // same dir (nf-bin)
+    path.join(os.homedir(), '.claude', 'nf-bin', 'providers.json'),  // installed fallback
   ];
 
   // Also derive path from unified-1 MCP server config in ~/.claude.json

package/bin/ccr-secure-config.cjs

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
 // bin/ccr-secure-config.cjs
-// Reads the 3 CCR provider API keys from keytar (qgsd service) and writes them
+// Reads the 3 CCR provider API keys from keytar (nforma service) and writes them
 // into ~/.claude-code-router/config.json with chmod 600.
 // Designed to be called at session start and on-demand. Fail-silent when keytar
 // is unavailable or keys are not yet stored.
@@ -17,7 +17,7 @@ const CONFIG_PATH = path.join(os.homedir(), '.claude-code-router', 'config.json'
 // Locate secrets.cjs — try installed global path first, then local dev path.
 function findSecrets() {
   const candidates = [
-    path.join(os.homedir(), '.claude', 'qgsd-bin', 'secrets.cjs'), // installed path
+    path.join(os.homedir(), '.claude', 'nf-bin', 'secrets.cjs'), // installed path
     path.join(__dirname, 'secrets.cjs'),                             // local dev path
   ];
   for (const p of candidates) {
@@ -39,9 +39,9 @@ async function main() {
 
   let akashKey, togetherKey, fireworksKey;
   try {
-    akashKey    = await secrets.get('qgsd', 'AKASHML_API_KEY');
-    togetherKey = await secrets.get('qgsd', 'TOGETHER_API_KEY');
-    fireworksKey = await secrets.get('qgsd', 'FIREWORKS_API_KEY');
+    akashKey    = await secrets.get('nforma', 'AKASHML_API_KEY');
+    togetherKey = await secrets.get('nforma', 'TOGETHER_API_KEY');
+    fireworksKey = await secrets.get('nforma', 'FIREWORKS_API_KEY');
   } catch (e) {
     process.stderr.write('[ccr-secure-config] keytar unavailable: ' + e.message + '\n');
     process.exit(0);

package/bin/check-bundled-sdks.cjs

@@ -5,7 +5,7 @@ const fs = require('fs');
 const path = require('path');
 
 // ---------------------------------------------------------------------------
-// Forbidden SDK list — LLM SDKs that QGSD must not bundle (ARCH-10)
+// Forbidden SDK list — LLM SDKs that nForma must not bundle (ARCH-10)
 // ---------------------------------------------------------------------------
 
 const FORBIDDEN_SDKS = [

package/bin/check-mcp-health.cjs

@@ -12,7 +12,7 @@
  * Usage:
  *   node bin/check-mcp-health.cjs [--timeout-ms N] [--json]
  *
- * Designed to be called at the start of /qgsd:quorum to skip
+ * Designed to be called at the start of /nf:quorum to skip
  * unresponsive servers before making full inference calls.
  */
 

package/bin/check-provider-health.cjs

@@ -13,7 +13,7 @@
  *
  * No LLM inference is performed — this completes in ~2–3 seconds.
  *
- * TTL cache at ~/.claude/qgsd-provider-cache.json:
+ * TTL cache at ~/.claude/nf-provider-cache.json:
  *   - DOWN entries: 5 minutes TTL
  *   - UP entries:   3 minutes TTL
  *   Cache is read before probing; stale or missing → probe runs normally.
@@ -54,7 +54,7 @@ const NO_CACHE     = hasFlag('--no-cache');
 const CACHE_STATUS = hasFlag('--cache-status');
 
 // ─── TTL cache constants ──────────────────────────────────────────────────────
-const CACHE_FILE    = path.join(os.homedir(), '.claude', 'qgsd-provider-cache.json');
+const CACHE_FILE    = path.join(os.homedir(), '.claude', 'nf-provider-cache.json');
 const TTL_DOWN_MS   = 300000; // 5 minutes
 const TTL_UP_MS     = 180000; // 3 minutes
 
@@ -122,11 +122,11 @@ try {
   process.exit(1);
 }
 
-// Load quorum_active from ~/.claude/qgsd.json (project config takes precedence)
+// Load quorum_active from ~/.claude/nf.json (project config takes precedence)
 let quorumActive = [];
 try {
-  const globalQgsd = path.join(os.homedir(), '.claude', 'qgsd.json');
-  const projQgsd   = path.join(process.cwd(), '.claude', 'qgsd.json');
+  const globalQgsd = path.join(os.homedir(), '.claude', 'nf.json');
+  const projQgsd   = path.join(process.cwd(), '.claude', 'nf.json');
   for (const cfgPath of [globalQgsd, projQgsd]) {
     try {
       const cfgRaw = JSON.parse(fs.readFileSync(cfgPath, 'utf8'));
@@ -239,7 +239,7 @@ function probeUrl(baseUrl, apiKey) {
     const parsed = new URL(probeUrl);
     const lib = parsed.protocol === 'https:' ? https : http;
 
-    const headers = { 'User-Agent': 'qgsd-health-check/1.0' };
+    const headers = { 'User-Agent': 'nf-health-check/1.0' };
     if (apiKey) headers['Authorization'] = `Bearer ${apiKey}`;
 
     const req = lib.request(

package/bin/check-spec-sync.cjs

@@ -3,22 +3,22 @@
 // bin/check-spec-sync.cjs
 // Verifies that formal specs stay in sync with the XState machine.
 //
-// The XState machine (src/machines/qgsd-workflow.machine.ts) is the SOURCE OF TRUTH.
+// The XState machine (src/machines/nf-workflow.machine.ts) is the SOURCE OF TRUTH.
 // Formal specs must mirror it — not the other way around.
 //
 // Checks:
-//   1. State names in QGSDQuorum.tla TypeOK match the XState machine states
+//   1. State names in NFQuorum.tla TypeOK match the XState machine states
 //   2. MaxDeliberation in MCsafety.cfg and MCliveness.cfg matches the XState context default
-//   3. Initial state in QGSDQuorum.tla Init matches the XState initial state
+//   3. Initial state in NFQuorum.tla Init matches the XState initial state
 //   4. Alloy .als files do not reference state names or guard names not in XState machine
-//   5. Guard names in XState machine match keys in .planning/formal/tla/guards/qgsd-workflow.json (bidirectional)
+//   5. Guard names in XState machine match keys in .planning/formal/tla/guards/nf-workflow.json (bidirectional)
 //
 // Exit 0 = in sync; Exit 1 = drift detected.
 // Usage: node bin/check-spec-sync.cjs [--tla-path=<path>] [--guards-path=<path>]
 //
 // CLI overrides (for fixture-based tests):
-//   --tla-path=<abs-path>    Override path to QGSDQuorum.tla (default: .planning/formal/tla/QGSDQuorum.tla)
-//   --guards-path=<abs-path> Override path to guards JSON (default: .planning/formal/tla/guards/qgsd-workflow.json)
+//   --tla-path=<abs-path>    Override path to NFQuorum.tla (default: .planning/formal/tla/NFQuorum.tla)
+//   --guards-path=<abs-path> Override path to guards JSON (default: .planning/formal/tla/guards/nf-workflow.json)
 
 const { buildSync } = require('esbuild');
 const fs   = require('fs');
@@ -35,11 +35,11 @@ const guardsPathOverride = process.argv.find(a => a.startsWith('--guards-path=')
 // Resolved paths (absolute)
 const TLA_ABS_PATH = tlaPathOverride
   ? tlaPathOverride.slice('--tla-path='.length)
-  : path.join(ROOT, '.planning', 'formal', 'tla', 'QGSDQuorum.tla');
+  : path.join(ROOT, '.planning', 'formal', 'tla', 'NFQuorum.tla');
 
 const GUARDS_ABS_PATH = guardsPathOverride
   ? guardsPathOverride.slice('--guards-path='.length)
-  : path.join(ROOT, '.planning', 'formal', 'tla', 'guards', 'qgsd-workflow.json');
+  : path.join(ROOT, '.planning', 'formal', 'tla', 'guards', 'nf-workflow.json');
 
 // ── Load files ───────────────────────────────────────────────────────────────
 function load(rel) {
@@ -67,7 +67,7 @@ const livenessCfg = load('.planning/formal/tla/MCliveness.cfg');
 // Compile the TypeScript machine to a temporary CJS bundle, then require() it.
 // This gives us the live machine object — no regex parsing of raw source.
 
-const MACHINE_FILE = path.join(ROOT, 'src/machines/qgsd-workflow.machine.ts');
+const MACHINE_FILE = path.join(ROOT, 'src/machines/nf-workflow.machine.ts');
 const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'check-spec-sync-'));
 const tmpBundle = path.join(tmpDir, 'machine.cjs');
 
@@ -128,7 +128,7 @@ if (machineObj && machineObj.config) {
   // Fallback: use regex if esbuild fails (e.g., in environments without esbuild)
   process.stderr.write('[check-spec-sync] esbuild extraction failed: ' + xstateExtractError + '\n');
   process.stderr.write('[check-spec-sync] Falling back to regex extraction (limited)\n');
-  const machineSrc = load('src/machines/qgsd-workflow.machine.ts');
+  const machineSrc = load('src/machines/nf-workflow.machine.ts');
   xstateStateNames = (machineSrc.match(/^    ([A-Z_]+):\s*\{/gm) || []).map(l => l.trim().split(':')[0]);
   const md = machineSrc.match(/maxDeliberation:\s*(\d+)/);
   xstateMaxDelib = md ? parseInt(md[1], 10) : null;
@@ -161,7 +161,7 @@ function fail(msg) { errors.push('  FAIL  ' + msg); }
 function warn(msg) { warnings.push('  WARN  ' + msg); }
 function ok(msg)   { process.stdout.write('  OK    ' + msg + '\n'); }
 
-process.stdout.write('\n[check-spec-sync] Source of truth: src/machines/qgsd-workflow.machine.ts\n\n');
+process.stdout.write('\n[check-spec-sync] Source of truth: src/machines/nf-workflow.machine.ts\n\n');
 
 // Check 1: State names
 if (xstateStateNames.length === 0) {
@@ -170,7 +170,7 @@ if (xstateStateNames.length === 0) {
   ok('XState states: ' + xstateStateNames.join(', '));
 
   if (tlaPhaseValues.length === 0) {
-    fail('Could not parse phase values from QGSDQuorum.tla TypeOK');
+    fail('Could not parse phase values from NFQuorum.tla TypeOK');
   } else {
     ok('TLA+ phases:  ' + tlaPhaseValues.join(', '));
 
@@ -182,7 +182,7 @@ if (xstateStateNames.length === 0) {
     }
     if (extra.length > 0) {
       fail('TLA+ TypeOK has orphaned phases not in XState machine: ' + extra.join(', ') +
-        '\n         (These TLA+ phases have no corresponding XState state — update QGSDQuorum.tla)');
+        '\n         (These TLA+ phases have no corresponding XState state — update NFQuorum.tla)');
     }
     if (missing.length === 0 && extra.length === 0) {
       ok('State names match exactly');
@@ -226,7 +226,7 @@ if (xstateInitial === null) {
   ok('XState initial state: ' + xstateInitial);
 
   if (tlaInitPhase === null) {
-    fail('Could not parse Init phase from QGSDQuorum.tla');
+    fail('Could not parse Init phase from NFQuorum.tla');
   } else if (tlaInitPhase !== xstateInitial) {
     fail(
       'TLA+ Init sets phase="' + tlaInitPhase +
@@ -244,7 +244,7 @@ if (xstateInitial === null) {
 //
 // Note: Alloy orphan detection uses warn() not fail() because Alloy models are intentional
 // abstractions — they may use different predicate names (e.g., MajorityReached instead of
-// minQuorumMet). The authoritative guard mapping check is in Check 5 (guards/qgsd-workflow.json).
+// minQuorumMet). The authoritative guard mapping check is in Check 5 (guards/nf-workflow.json).
 const alloyDir = path.join(ROOT, '.planning', 'formal', 'alloy');
 if (fs.existsSync(alloyDir)) {
   const alsFiles = fs.readdirSync(alloyDir).filter(f => f.endsWith('.als'));
@@ -282,17 +282,17 @@ if (fs.existsSync(alloyDir)) {
 // Mapping context:
 //   XState uses camelCase guard names (minQuorumMet, noInfiniteDeliberation, phaseMonotonicallyAdvances).
 //   TLA+ uses PascalCase predicates (MinQuorumMet, DeliberationBounded) — different names, same semantics.
-//   The bridge is .planning/formal/tla/guards/qgsd-workflow.json, which maps XState guard names to TLA+ expressions.
+//   The bridge is .planning/formal/tla/guards/nf-workflow.json, which maps XState guard names to TLA+ expressions.
 //
-//   If a guard is renamed in the XState machine, it must also be updated in guards/qgsd-workflow.json.
-//   If a mapping entry is removed from guards/qgsd-workflow.json without removing the guard from
+//   If a guard is renamed in the XState machine, it must also be updated in guards/nf-workflow.json.
+//   If a mapping entry is removed from guards/nf-workflow.json without removing the guard from
 //   the machine (or vice versa), this check will detect the inconsistency.
 //
-// This check also corroborates by scanning QGSDQuorum.tla source text for camelCase guard name
+// This check also corroborates by scanning NFQuorum.tla source text for camelCase guard name
 // occurrences (they appear in the header comment block as documentation of guard translations).
 if (xstateGuardNames.length > 0) {
   if (!fs.existsSync(GUARDS_ABS_PATH)) {
-    fail('.planning/formal/tla/guards/qgsd-workflow.json not found — cannot verify guard name sync');
+    fail('.planning/formal/tla/guards/nf-workflow.json not found — cannot verify guard name sync');
   } else {
     let guardsJson = null;
     try {
@@ -306,28 +306,28 @@ if (xstateGuardNames.length > 0) {
       ok('Guards JSON mapped names:     ' + mappedGuardNames.join(', '));
 
       // Forward check: XState guard → guards JSON (drift detection)
-      // If a guard is renamed in XState but guards/qgsd-workflow.json still has the old name, this fires.
+      // If a guard is renamed in XState but guards/nf-workflow.json still has the old name, this fires.
       const missingFromMapping = xstateGuardNames.filter(g => !mappedGuardNames.includes(g));
       if (missingFromMapping.length > 0) {
         fail(
-          'XState guards not found in guards/qgsd-workflow.json: ' + missingFromMapping.join(', ') +
-          '\n         (Update .planning/formal/tla/guards/qgsd-workflow.json to map these guard names to their TLA+ predicates)'
+          'XState guards not found in guards/nf-workflow.json: ' + missingFromMapping.join(', ') +
+          '\n         (Update .planning/formal/tla/guards/nf-workflow.json to map these guard names to their TLA+ predicates)'
         );
       }
 
       // Reverse check: guards JSON → XState (orphan detection)
-      // If a guard mapping entry exists in guards/qgsd-workflow.json but the guard was removed from
+      // If a guard mapping entry exists in guards/nf-workflow.json but the guard was removed from
       // the XState machine, this is an orphaned mapping.
       const orphanedGuards = mappedGuardNames.filter(g => !xstateGuardNames.includes(g));
       if (orphanedGuards.length > 0) {
         fail(
-          'guards/qgsd-workflow.json references guards not in XState machine: ' + orphanedGuards.join(', ') +
+          'guards/nf-workflow.json references guards not in XState machine: ' + orphanedGuards.join(', ') +
           '\n         (These guard mappings are orphaned — remove them or restore the XState guard)'
         );
       }
 
       if (missingFromMapping.length === 0 && orphanedGuards.length === 0) {
-        ok('Guard names match exactly between XState machine and guards/qgsd-workflow.json');
+        ok('Guard names match exactly between XState machine and guards/nf-workflow.json');
       }
 
       // Corroboration: check TLA+ source mentions guard names in comment references

package/bin/check-trace-schema-drift.cjs

@@ -16,10 +16,10 @@ const VALIDATOR_FILE = 'bin/validate-traces.cjs';
 
 const KNOWN_EMITTERS = [
   'bin/validate-traces.cjs',
-  'hooks/qgsd-stop.js',
-  'hooks/qgsd-prompt.js',
-  'hooks/dist/qgsd-stop.js',
-  'hooks/dist/qgsd-prompt.js',
+  'hooks/nf-stop.js',
+  'hooks/nf-prompt.js',
+  'hooks/dist/nf-stop.js',
+  'hooks/dist/nf-prompt.js',
 ];
 
 /**
@@ -44,7 +44,7 @@ function checkSchemaDrift(changedFiles) {
   // but validator_updated alone does not satisfy emitter_updated — need a non-validator emitter
   // OR validate-traces.cjs satisfies both when it IS the emitter.
   // Per spec: atomic requires validator AND an emitter. validate-traces.cjs counts as emitter only
-  // when a separate hook file (qgsd-stop.js, qgsd-prompt.js, etc.) is also present.
+  // when a separate hook file (nf-stop.js, nf-prompt.js, etc.) is also present.
   const NON_VALIDATOR_EMITTERS = KNOWN_EMITTERS.filter(e => e !== VALIDATOR_FILE);
   const emitterUpdated = changedFiles.some(f =>
     NON_VALIDATOR_EMITTERS.some(emitter => f === emitter || f.includes(emitter))

package/bin/conformance-schema.cjs

@@ -1,10 +1,10 @@
 'use strict';
 // bin/conformance-schema.cjs
 // Single source of truth for conformance event field enumerations.
-// Imported by hooks (qgsd-stop.js, qgsd-prompt.js, qgsd-circuit-breaker.js) and validate-traces.cjs.
+// Imported by hooks (nf-stop.js, nf-prompt.js, nf-circuit-breaker.js) and validate-traces.cjs.
 // NEVER add external require() calls — hooks have zero runtime dependencies.
 
-const VALID_ACTIONS  = ['quorum_start', 'quorum_complete', 'quorum_block', 'deliberation_round', 'circuit_break'];
+const VALID_ACTIONS  = ['quorum_start', 'quorum_complete', 'quorum_block', 'deliberation_round', 'circuit_break', 'cache_hit', 'budget_warn', 'budget_downgrade', 'stall_detected', 'security_sweep'];
 const VALID_PHASES   = ['IDLE', 'COLLECTING_VOTES', 'DELIBERATING', 'DECIDED'];
 const VALID_OUTCOMES = ['APPROVE', 'BLOCK', 'UNAVAILABLE', 'DELIBERATE'];
 const schema_version = '1';