@nimiplatform/nimi-coding 0.1.0 → 0.2.1

package/cli/lib/audit-sweep-runtime/admissions.mjs

@@ -36,7 +36,7 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
   } catch (error) {
     return {
       ok: false,
-      error: `nimicoding audit-sweep refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} must contain valid YAML (${error.message}).\n`,
+      error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} must contain valid YAML (${error.message}).\n`,
     };
   }
 
@@ -47,25 +47,25 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
   if (!Array.isArray(rawExcludePatterns)) {
     return {
       ok: false,
-      error: `nimicoding audit-sweep refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} exclude_patterns must be an array.\n`,
+      error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} exclude_patterns must be an array.\n`,
     };
   }
   if (!Array.isArray(rawIgnorePatterns)) {
     return {
       ok: false,
-      error: `nimicoding audit-sweep refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_patterns must be an array.\n`,
+      error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_patterns must be an array.\n`,
     };
   }
   if (!Array.isArray(rawIgnoreOwnerDomains)) {
     return {
       ok: false,
-      error: `nimicoding audit-sweep refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_owner_domains must be an array.\n`,
+      error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_owner_domains must be an array.\n`,
     };
   }
   if (rawIgnoreReason !== null && (typeof rawIgnoreReason !== "string" || rawIgnoreReason.trim().length === 0)) {
     return {
       ok: false,
-      error: `nimicoding audit-sweep refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_reason must be a non-empty string when present.\n`,
+      error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_reason must be a non-empty string when present.\n`,
     };
   }
 
@@ -74,7 +74,7 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
     if (typeof pattern !== "string" || pattern.trim().length === 0) {
       return {
         ok: false,
-        error: `nimicoding audit-sweep refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} exclude_patterns entries must be non-empty strings.\n`,
+        error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} exclude_patterns entries must be non-empty strings.\n`,
       };
     }
     excludePatterns.push(pattern.trim());
@@ -84,7 +84,7 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
     if (typeof pattern !== "string" || pattern.trim().length === 0) {
       return {
         ok: false,
-        error: `nimicoding audit-sweep refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_patterns entries must be non-empty strings.\n`,
+        error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_patterns entries must be non-empty strings.\n`,
       };
     }
     ignorePatterns.push(pattern.trim());
@@ -94,7 +94,7 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
     if (typeof ownerDomain !== "string" || ownerDomain.trim().length === 0) {
       return {
         ok: false,
-        error: `nimicoding audit-sweep refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_owner_domains entries must be non-empty strings.\n`,
+        error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_owner_domains entries must be non-empty strings.\n`,
       };
     }
     ignoreOwnerDomains.push(ownerDomain.trim());
@@ -123,7 +123,7 @@ export async function loadAppSliceAdmissions(projectRoot) {
   } catch (error) {
     return {
       ok: false,
-      error: `nimicoding audit-sweep refused: ${APP_SLICE_ADMISSION_REF} must contain valid YAML (${error.message}).\n`,
+      error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} must contain valid YAML (${error.message}).\n`,
     };
   }
 
@@ -131,7 +131,7 @@ export async function loadAppSliceAdmissions(projectRoot) {
   if (!rows) {
     return {
       ok: false,
-      error: `nimicoding audit-sweep refused: ${APP_SLICE_ADMISSION_REF} must declare admissions as an array.\n`,
+      error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} must declare admissions as an array.\n`,
     };
   }
 
@@ -146,20 +146,20 @@ export async function loadAppSliceAdmissions(projectRoot) {
       ? row.evidence_roots.map((entry) => String(entry ?? "").trim().replace(/\\/g, "/").replace(/\/$/, "")).filter(Boolean)
       : null;
     if (!appId || seenAppIds.has(appId)) {
-      return { ok: false, error: `nimicoding audit-sweep refused: ${APP_SLICE_ADMISSION_REF} has missing or duplicate app_id.\n` };
+      return { ok: false, error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} has missing or duplicate app_id.\n` };
     }
     seenAppIds.add(appId);
     if (appId === "avatar") {
-      return { ok: false, error: `nimicoding audit-sweep refused: avatar is promoted to .nimi/spec/avatar and must not be admitted through ${APP_SLICE_ADMISSION_REF}.\n` };
+      return { ok: false, error: `nimicoding sweep audit refused: avatar is promoted to .nimi/spec/avatar and must not be admitted through ${APP_SLICE_ADMISSION_REF}.\n` };
     }
     if (status !== "active") {
       continue;
     }
     if (!ownerDomain || !safeProjectRef(authorityRoot) || !authorityRoot.startsWith(`apps/${appId}/spec`)) {
-      return { ok: false, error: `nimicoding audit-sweep refused: ${APP_SLICE_ADMISSION_REF} ${appId} has invalid owner_domain or authority_root.\n` };
+      return { ok: false, error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} ${appId} has invalid owner_domain or authority_root.\n` };
     }
     if (!evidenceRoots || evidenceRoots.length === 0 || !evidenceRoots.every((rootRef) => safeProjectRef(rootRef) && refInsideRoot(rootRef, `apps/${appId}`))) {
-      return { ok: false, error: `nimicoding audit-sweep refused: ${APP_SLICE_ADMISSION_REF} ${appId} has invalid evidence_roots.\n` };
+      return { ok: false, error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} ${appId} has invalid evidence_roots.\n` };
     }
     admissions.push({
       app_id: appId,
@@ -203,12 +203,12 @@ export async function loadAuditEvidenceRootAdmissions(projectRoot, listGitFiles,
     } catch (error) {
       return {
         ok: false,
-        error: `nimicoding audit-sweep refused: ${tableRef} must contain valid YAML (${error.message}).\n`,
+        error: `nimicoding sweep audit refused: ${tableRef} must contain valid YAML (${error.message}).\n`,
       };
     }
     const rows = Array.isArray(parsed?.roots) ? parsed.roots : null;
     if (!rows) {
-      return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} must declare roots as an array.\n` };
+      return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} must declare roots as an array.\n` };
     }
     for (const row of rows) {
       const id = String(row?.id ?? "").trim();
@@ -220,13 +220,13 @@ export async function loadAuditEvidenceRootAdmissions(projectRoot, listGitFiles,
         ? row.evidence_roots.map((entry) => String(entry ?? "").trim().replace(/\\/g, "/").replace(/\/$/, "")).filter(Boolean)
         : null;
       if (!id || !ownerDomain || !authorityRefs?.length || !evidenceRoots?.length) {
-        return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} root rows require id, owner_domain, authority_refs, and evidence_roots.\n` };
+        return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} root rows require id, owner_domain, authority_refs, and evidence_roots.\n` };
       }
       if (!authorityRefs.every((ref) => safeProjectRef(ref) && ref.startsWith(".nimi/spec/"))) {
-        return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} ${id} authority_refs must stay under .nimi/spec.\n` };
+        return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} authority_refs must stay under .nimi/spec.\n` };
       }
       if (!evidenceRoots.every((ref) => safeProjectRef(ref) && !ref.startsWith(".nimi/spec/"))) {
-        return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} ${id} evidence_roots must be project evidence roots outside .nimi/spec.\n` };
+        return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} evidence_roots must be project evidence roots outside .nimi/spec.\n` };
       }
       admissions.push({
         id,
@@ -256,12 +256,12 @@ export async function loadPackageAuthorityAdmissions(projectRoot, listGitFiles,
     } catch (error) {
       return {
         ok: false,
-        error: `nimicoding audit-sweep refused: ${tableRef} must contain valid YAML (${error.message}).\n`,
+        error: `nimicoding sweep audit refused: ${tableRef} must contain valid YAML (${error.message}).\n`,
       };
     }
     const rows = Array.isArray(parsed?.admissions) ? parsed.admissions : null;
     if (!rows) {
-      return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} must declare admissions as an array.\n` };
+      return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} must declare admissions as an array.\n` };
     }
     for (const row of rows) {
       const id = String(row?.id ?? "").trim();
@@ -279,28 +279,37 @@ export async function loadPackageAuthorityAdmissions(projectRoot, listGitFiles,
         : [];
       const admissionKey = `${tableRef}#${id}`;
       if (!id || seenIds.has(admissionKey)) {
-        return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} has missing or duplicate package authority id.\n` };
+        return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} has missing or duplicate package authority id.\n` };
       }
       seenIds.add(admissionKey);
       if (status !== "active") {
         continue;
       }
       if (!ownerDomain || !safeProjectRef(authorityRoot) || authorityRoot.startsWith(".nimi/spec/") || !authorityRoot.endsWith("/spec")) {
-        return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} ${id} has invalid owner_domain or authority_root.\n` };
+        return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} has invalid owner_domain or authority_root.\n` };
       }
       if (!evidenceRoots || evidenceRoots.length === 0 || !evidenceRoots.every((rootRef) => safeProjectRef(rootRef) && !rootRef.startsWith(".nimi/spec/") && refInsideRoot(authorityRoot, rootRef))) {
-        return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} ${id} has invalid evidence_roots.\n` };
+        return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} has invalid evidence_roots.\n` };
       }
       const seenProjectionHostRefs = new Set();
       for (const projection of hostAuthorityProjectionRefs) {
-        if (!safeProjectRef(projection.host_ref) || !projection.host_ref.startsWith(".nimi/spec/")) {
-          return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} ${id} host_authority_projection_refs host_ref must stay under .nimi/spec.\n` };
+        const hostProjectionAllowed = projection.host_ref.startsWith(".nimi/config/")
+          || projection.host_ref.startsWith(".nimi/contracts/")
+          || projection.host_ref.startsWith(".nimi/methodology/")
+          || projection.host_ref.startsWith(".nimi/spec/");
+        if (!safeProjectRef(projection.host_ref) || !hostProjectionAllowed) {
+          return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} host_authority_projection_refs host_ref must stay under .nimi config/contracts/methodology/spec projections.\n` };
         }
-        if (!safeProjectRef(projection.package_ref) || !refInsideRoot(projection.package_ref, authorityRoot)) {
-          return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} ${id} host_authority_projection_refs package_ref must stay under authority_root.\n` };
+        const packageRoot = authorityRoot.replace(/\/spec$/, "");
+        const packageProjectionAllowed = projection.package_ref.startsWith(`${packageRoot}/config/`)
+          || projection.package_ref.startsWith(`${packageRoot}/contracts/`)
+          || projection.package_ref.startsWith(`${packageRoot}/methodology/`)
+          || projection.package_ref.startsWith(`${packageRoot}/spec/`);
+        if (!safeProjectRef(projection.package_ref) || !packageProjectionAllowed) {
+          return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} host_authority_projection_refs package_ref must stay under admitted package authority roots.\n` };
         }
         if (seenProjectionHostRefs.has(projection.host_ref)) {
-          return { ok: false, error: `nimicoding audit-sweep refused: ${tableRef} ${id} host_authority_projection_refs contains duplicate host_ref.\n` };
+          return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} host_authority_projection_refs contains duplicate host_ref.\n` };
         }
         seenProjectionHostRefs.add(projection.host_ref);
       }

package/cli/lib/audit-sweep-runtime/audit-validity.mjs

@@ -21,6 +21,7 @@ const REQUIRED_P0P1_RULE_CHECK_IDS = [
   "provider_or_model_hardcoding",
   "app_local_shadow_truth",
 ];
+const REQUIRED_P0P1_RULE_CHECK_ID_SET = new Set(REQUIRED_P0P1_RULE_CHECK_IDS);
 
 function validateP0P1RuleChecks(evidence, implementationRefSet) {
   const ruleChecks = evidence?.coverage?.p0p1_rule_checks;
@@ -35,10 +36,17 @@ function validateP0P1RuleChecks(evidence, implementationRefSet) {
 
   const checkedIds = [];
   const invalid = [];
+  const seenIds = new Set();
   for (const [index, check] of ruleChecks.entries()) {
     const id = typeof check?.id === "string" ? check.id : "";
     if (id) {
       checkedIds.push(id);
+      if (!REQUIRED_P0P1_RULE_CHECK_ID_SET.has(id)) {
+        invalid.push({ index, id, reason: "id must exactly match an admitted P0/P1 rule check id" });
+      } else if (seenIds.has(id)) {
+        invalid.push({ index, id, reason: "duplicate P0/P1 rule check id" });
+      }
+      seenIds.add(id);
     }
     const status = check?.status;
     if (!["checked", "not_applicable"].includes(status)) {

package/cli/lib/audit-sweep-runtime/chunks.mjs

@@ -456,7 +456,7 @@ export function buildAuditorPacket(sweepId, chunk, auditor, dispatchedAt, plan,
       finding_locations_must_belong_to_chunk_files_or_evidence_inventory: true,
       authority_only_finding_location_policy: "when no implementation surface exists, findings[].location.file must be the in-scope authority_ref that contains the defect",
       finding_contract_ref: ".nimi/contracts/audit-finding.schema.yaml",
-      ingest_command: `nimicoding audit-sweep chunk ingest --sweep-id ${sweepId} --chunk-id ${chunk.chunk_id} --from <audit-output.json> --verified-at <ISO-8601-UTC>`,
+      ingest_command: `nimicoding sweep audit chunk ingest --sweep-id ${sweepId} --chunk-id ${chunk.chunk_id} --from <audit-output.json> --verified-at <ISO-8601-UTC>`,
     },
     hard_constraints: [
       "do_not_sample_out_files_from_this_chunk",
@@ -477,7 +477,7 @@ export function buildAuditorPacket(sweepId, chunk, auditor, dispatchedAt, plan,
 export async function dispatchAuditSweepChunk(projectRoot, options) {
   const sweepId = safeSweepId(options.sweepId);
   if (!sweepId || typeof options.chunkId !== "string") {
-    return inputError("nimicoding audit-sweep refused: --sweep-id and --chunk-id are required.\n");
+    return inputError("nimicoding sweep audit refused: --sweep-id and --chunk-id are required.\n");
   }
 
   const timestampError = ensureIsoTimestamp(options.dispatchedAt, "--dispatched-at");
@@ -497,11 +497,11 @@ export async function dispatchAuditSweepChunk(projectRoot, options) {
   }
 
   if (chunkResult.chunk.state !== "planned") {
-    return inputError("nimicoding audit-sweep refused: chunk dispatch requires planned state.\n");
+    return inputError("nimicoding sweep audit refused: chunk dispatch requires planned state.\n");
   }
   const budgetBlock = budgetBlockForChunk(planResult.plan, chunkResult.chunk);
   if (budgetBlock) {
-    return inputError(`nimicoding audit-sweep refused: ${budgetBlock}; build or admit remediation bundles before continuing discovery.\n`);
+    return inputError(`nimicoding sweep audit refused: ${budgetBlock}; build or admit remediation bundles before continuing discovery.\n`);
   }
 
   const updatedChunk = {
@@ -557,7 +557,7 @@ export async function dispatchAuditSweepChunk(projectRoot, options) {
 export async function reviewAuditSweepChunk(projectRoot, options) {
   const sweepId = safeSweepId(options.sweepId);
   if (!sweepId || typeof options.chunkId !== "string") {
-    return inputError("nimicoding audit-sweep refused: --sweep-id and --chunk-id are required.\n");
+    return inputError("nimicoding sweep audit refused: --sweep-id and --chunk-id are required.\n");
   }
 
   const timestampError = ensureIsoTimestamp(options.reviewedAt, "--reviewed-at");
@@ -566,7 +566,7 @@ export async function reviewAuditSweepChunk(projectRoot, options) {
   }
 
   if (!["pass", "fail"].includes(options.verdict)) {
-    return inputError("nimicoding audit-sweep refused: --verdict must be pass or fail.\n");
+    return inputError("nimicoding sweep audit refused: --verdict must be pass or fail.\n");
   }
 
   return withAuditSweepMutationLock(projectRoot, sweepId, "chunk review", async () => {
@@ -581,10 +581,10 @@ export async function reviewAuditSweepChunk(projectRoot, options) {
   }
 
   if (chunkResult.chunk.state !== "ingested") {
-    return inputError("nimicoding audit-sweep refused: chunk review requires ingested state.\n");
+    return inputError("nimicoding sweep audit refused: chunk review requires ingested state.\n");
   }
   if (options.verdict === "pass" && chunkResult.chunk.audit_validity?.posture === "invalid") {
-    return inputError("nimicoding audit-sweep refused: manager review cannot freeze invalid no-finding evidence as pass.\n");
+    return inputError("nimicoding sweep audit refused: manager review cannot freeze invalid no-finding evidence as pass.\n");
   }
 
   const nextState = options.verdict === "pass" ? "frozen" : "failed";
@@ -636,14 +636,14 @@ export async function reviewAuditSweepChunk(projectRoot, options) {
 export async function skipAuditSweepChunk(projectRoot, options) {
   const sweepId = safeSweepId(options.sweepId);
   if (!sweepId || typeof options.chunkId !== "string") {
-    return inputError("nimicoding audit-sweep refused: --sweep-id and --chunk-id are required.\n");
+    return inputError("nimicoding sweep audit refused: --sweep-id and --chunk-id are required.\n");
   }
   const timestampError = ensureIsoTimestamp(options.skippedAt, "--skipped-at");
   if (timestampError) {
     return timestampError;
   }
   if (typeof options.reason !== "string" || !options.reason.trim()) {
-    return inputError("nimicoding audit-sweep refused: --reason is required when skipping a chunk.\n");
+    return inputError("nimicoding sweep audit refused: --reason is required when skipping a chunk.\n");
   }
 
   return withAuditSweepMutationLock(projectRoot, sweepId, "chunk skip", async () => {
@@ -656,7 +656,7 @@ export async function skipAuditSweepChunk(projectRoot, options) {
     return inputError(chunkResult.error);
   }
   if (chunkResult.chunk.state === "frozen") {
-    return inputError("nimicoding audit-sweep refused: frozen chunks cannot be skipped.\n");
+    return inputError("nimicoding sweep audit refused: frozen chunks cannot be skipped.\n");
   }
 
   const updatedChunk = {

package/cli/lib/audit-sweep-runtime/closeout.mjs

@@ -22,7 +22,7 @@ import { validateAuditSweepArtifacts } from "./validators.mjs";
 export async function buildAuditSweepCloseoutImport(projectRoot, options) {
   const sweepId = safeSweepId(options.sweepId);
   if (!sweepId) {
-    return inputError("nimicoding audit-sweep refused: --sweep-id is required.\n");
+    return inputError("nimicoding sweep audit refused: --sweep-id is required.\n");
   }
   const timestampError = ensureIsoTimestamp(options.verifiedAt);
   if (timestampError) {
@@ -37,16 +37,16 @@ export async function buildAuditSweepCloseoutImport(projectRoot, options) {
   const preflightValidation = await validateAuditSweepArtifacts(projectRoot, { sweepId, scope: "remediation" });
   if (!preflightValidation.ok) {
     const failed = preflightValidation.checks.find((entry) => !entry.ok);
-    return inputError(`nimicoding audit-sweep refused: audit-sweep closeout preflight failed: ${failed?.reason ?? "artifact validation failed"}.\n`);
+    return inputError(`nimicoding sweep audit refused: sweep audit closeout preflight failed: ${failed?.reason ?? "artifact validation failed"}.\n`);
   }
   if (ledger.status === "blocked") {
-    return inputError("nimicoding audit-sweep refused: blocked ledger cannot produce completed closeout summary.\n");
+    return inputError("nimicoding sweep audit refused: blocked ledger cannot produce completed closeout summary.\n");
   }
   if (ledger.status === "blocked_evidence_incomplete" || ledger.status === "partial_authority_only") {
-    return inputError("nimicoding audit-sweep refused: incomplete spec authority/evidence coverage cannot produce completed closeout summary.\n");
+    return inputError("nimicoding sweep audit refused: incomplete spec authority/evidence coverage cannot produce completed closeout summary.\n");
   }
   if (ledger.coverage.active_chunks > 0) {
-    return inputError("nimicoding audit-sweep refused: closeout summary requires no active chunks.\n");
+    return inputError("nimicoding sweep audit refused: closeout summary requires no active chunks.\n");
   }
 
   const mapRef = remediationMapRef(sweepId, ledger.snapshot_id);
@@ -58,13 +58,13 @@ export async function buildAuditSweepCloseoutImport(projectRoot, options) {
     : []);
   const unmappedOpenFindings = openFindingIds.filter((findingId) => !mappedFindingIds.has(findingId));
   if (openFindingIds.length > 0 && (!remediationMap || unmappedOpenFindings.length > 0)) {
-    return inputError("nimicoding audit-sweep refused: open findings require remediation map coverage before closeout summary.\n");
+    return inputError("nimicoding sweep audit refused: open findings require remediation map coverage before closeout summary.\n");
   }
   const closedWithoutResolutionEvidence = store.findings
     .filter((finding) => finding.disposition !== "open")
     .filter((finding) => !finding.resolution?.evidence_ref || !finding.resolution?.rerun);
   if (closedWithoutResolutionEvidence.length > 0) {
-    return inputError("nimicoding audit-sweep refused: closed findings require resolution and rerun evidence before closeout summary.\n");
+    return inputError("nimicoding sweep audit refused: closed findings require resolution and rerun evidence before closeout summary.\n");
   }
 
   const coverageStatus = deriveCoverageStatus(ledger.status);
@@ -125,7 +125,7 @@ export async function buildAuditSweepCloseoutImport(projectRoot, options) {
   const closeoutValidation = await validateAuditSweepArtifacts(projectRoot, { sweepId, scope: "closeout" });
   if (!closeoutValidation.ok) {
     const failed = closeoutValidation.checks.find((entry) => !entry.ok);
-    return inputError(`nimicoding audit-sweep refused: audit-sweep closeout validation failed: ${failed?.reason ?? "artifact validation failed"}.\n`);
+    return inputError(`nimicoding sweep audit refused: sweep audit closeout validation failed: ${failed?.reason ?? "artifact validation failed"}.\n`);
   }
 
   return {

package/cli/lib/audit-sweep-runtime/codex-auditor-evidence.mjs

@@ -178,8 +178,8 @@ function isNonImplementationContextRef(ref) {
     || normalized.startsWith(".nimi/spec/")
     || normalized.startsWith(".nimi/contracts/")
     || normalized.startsWith(".nimi/methodology/")
-    || normalized.startsWith("nimi-coding/methodology/")
-    || normalized.startsWith("nimi-coding/spec/");
+    || normalized.startsWith("package://@nimiplatform/nimi-coding/methodology/")
+    || normalized.startsWith("package://@nimiplatform/nimi-coding/spec/");
 }
 
 function stripNonImplementationContextRefs(refs, evidenceInventorySet) {
@@ -562,7 +562,7 @@ function normalizeCodexSemanticOutput(rawOutput, chunk, options) {
     auditor: {
       id: typeof rawOutput.auditor?.id === "string" && rawOutput.auditor.id.trim() ? rawOutput.auditor.id : options.auditorId,
       mode: "codex_semantic_audit",
-      methodology_ref: "nimi-coding/methodology/audit-sweep-p0p1-recall.yaml",
+      methodology_ref: "package://@nimiplatform/nimi-coding/methodology/audit-sweep-p0p1-recall.yaml",
       provenance: {
         kind: "semantic_audit",
         packet_ref: options.packetRef,

package/cli/lib/audit-sweep-runtime/codex-auditor.mjs

@@ -42,7 +42,7 @@ function projectRefForPath(projectRoot, absolutePath) {
 }
 function codexPrompt({ packet, auditorPacketRef, rawRef, sessionRef }) {
   return [
-    "You are the Codex semantic auditor for a nimicoding audit-sweep chunk.",
+    "You are the Codex semantic auditor for a nimicoding sweep audit chunk.",
     "Run in read-only, audit-only mode. Do not edit files. Do not implement product fixes.",
     `Read the auditor packet from ${auditorPacketRef} and inspect the chunk authority refs and implementation evidence semantically.`,
     "Do not rely on this prompt as the chunk inventory; the packet file is the source for files, authority_refs, selected_implementation_refs, audit_depth, retrieval_prepass, and the raw semantic output contract.",
@@ -59,7 +59,7 @@ function codexPrompt({ packet, auditorPacketRef, rawRef, sessionRef }) {
     "The JSON object must have exactly these top-level fields: chunk_id, auditor, coverage, findings.",
     `Set auditor.id to ${JSON.stringify(packet.auditor)}.`,
     `Set auditor.mode to "codex_semantic_audit".`,
-    `Set auditor.methodology_ref to "nimi-coding/methodology/audit-sweep-p0p1-recall.yaml".`,
+    `Set auditor.methodology_ref to "package://@nimiplatform/nimi-coding/methodology/audit-sweep-p0p1-recall.yaml".`,
     "Put P0/P1 rule checks only at coverage.p0p1_rule_checks.",
     `Set auditor.provenance.kind to "semantic_audit".`,
     `Set auditor.provenance.packet_ref to ${JSON.stringify(packetRef(packet.sweep_id, packet.chunk_id))}.`,
@@ -173,11 +173,11 @@ async function prepareCodexAuditPacket(projectRoot, options) {
       return inputError(chunkResult.error);
     }
     if (chunkResult.chunk.state === "skipped") {
-      return inputError("nimicoding audit-sweep refused: skipped chunks cannot be audited through Codex.\n");
+      return inputError("nimicoding sweep audit refused: skipped chunks cannot be audited through Codex.\n");
     }
     const budgetBlock = budgetBlockForChunk(planResult.plan, chunkResult.chunk);
     if (budgetBlock && chunkResult.chunk.state !== "frozen") {
-      return inputError(`nimicoding audit-sweep refused: ${budgetBlock}; build or admit remediation bundles before continuing discovery.\n`);
+      return inputError(`nimicoding sweep audit refused: ${budgetBlock}; build or admit remediation bundles before continuing discovery.\n`);
     }
 
     const dispatch = {
@@ -311,7 +311,7 @@ async function markCodexAuditFailed(projectRoot, options) {
 export async function runCodexAuditSweepChunk(projectRoot, options) {
   const sweepId = safeSweepId(options.sweepId);
   if (!sweepId || typeof options.chunkId !== "string") {
-    return inputError("nimicoding audit-sweep refused: --sweep-id and --chunk-id are required.\n");
+    return inputError("nimicoding sweep audit refused: --sweep-id and --chunk-id are required.\n");
   }
   const dispatchedAtError = ensureIsoTimestamp(options.dispatchedAt, "--dispatched-at");
   if (dispatchedAtError) {
@@ -394,7 +394,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
         timeout_ms: runResult.timeoutMs,
         stderr_tail: runResult.stderr.slice(-2000),
       });
-      return inputError(`nimicoding audit-sweep refused: ${failureReason}\n`);
+      return inputError(`nimicoding sweep audit refused: ${failureReason}\n`);
     }
   }
 
@@ -425,7 +425,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
       transcript_ref: rawRef,
       reason: extracted.error,
     });
-    return inputError(`nimicoding audit-sweep refused: Codex auditor output rejected for ${options.chunkId}: ${extracted.error}.\n`);
+    return inputError(`nimicoding sweep audit refused: Codex auditor output rejected for ${options.chunkId}: ${extracted.error}.\n`);
   }
 
   await appendRunEvent(projectRoot, sweepId, {
@@ -454,7 +454,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
       phase: "chunk_ingest",
       reason: `Codex auditor evidence ingest rejected: ${ingest.error ?? "unknown ingest failure"}.`,
     });
-    return inputError(`nimicoding audit-sweep refused: Codex auditor evidence ingest rejected for ${options.chunkId}: ${ingest.error ?? "unknown ingest failure"}.\n`);
+    return inputError(`nimicoding sweep audit refused: Codex auditor evidence ingest rejected for ${options.chunkId}: ${ingest.error ?? "unknown ingest failure"}.\n`);
   }
 
   const review = await reviewAuditSweepChunk(projectRoot, {
@@ -475,7 +475,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
       phase: "chunk_review",
       reason: `Codex auditor evidence review rejected: ${review.error ?? "unknown review failure"}.`,
     });
-    return inputError(`nimicoding audit-sweep refused: Codex auditor evidence review rejected for ${options.chunkId}: ${review.error ?? "unknown review failure"}.\n`);
+    return inputError(`nimicoding sweep audit refused: Codex auditor evidence review rejected for ${options.chunkId}: ${review.error ?? "unknown review failure"}.\n`);
   }
 
   const validation = await validateAuditSweepArtifacts(projectRoot, {
@@ -492,7 +492,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
       phase: "post_chunk_validation",
       reason: "Post-Codex chunk validation failed.",
     });
-    return inputError(`nimicoding audit-sweep refused: post-Codex chunk validation failed for ${options.chunkId}.\n`);
+    return inputError(`nimicoding sweep audit refused: post-Codex chunk validation failed for ${options.chunkId}.\n`);
   }
 
   return {

package/cli/lib/audit-sweep-runtime/common.mjs

@@ -97,7 +97,7 @@ export function resolveInsideProject(projectRoot, inputPath, label) {
   if (!isPathInside(projectRoot, absolutePath)) {
     return {
       ok: false,
-      error: `nimicoding audit-sweep refused: ${label} must stay inside the project root.\n`,
+      error: `nimicoding sweep audit refused: ${label} must stay inside the project root.\n`,
     };
   }
 
@@ -168,7 +168,7 @@ export async function withAuditSweepMutationLock(projectRoot, sweepId, label, fn
     handle = await open(lockPath, "wx");
   } catch (error) {
     if (error?.code === "EEXIST") {
-      return inputError(`nimicoding audit-sweep refused: ${label} mutation already in progress for ${sweepId}; retry after the current command finishes.\n`);
+      return inputError(`nimicoding sweep audit refused: ${label} mutation already in progress for ${sweepId}; retry after the current command finishes.\n`);
     }
     throw error;
   }
@@ -264,7 +264,7 @@ export async function loadPlan(projectRoot, sweepId) {
   const ref = planRef(sweepId);
   const plan = await loadYamlRef(projectRoot, ref);
   if (!isPlainObject(plan) || plan.kind !== "audit-plan" || plan.sweep_id !== sweepId) {
-    return { ok: false, error: `nimicoding audit-sweep refused: plan not found for ${sweepId}.\n` };
+    return { ok: false, error: `nimicoding sweep audit refused: plan not found for ${sweepId}.\n` };
   }
   return { ok: true, plan, planRef: ref };
 }
@@ -273,7 +273,7 @@ export async function loadChunk(projectRoot, sweepId, chunkId) {
   const ref = chunkRef(sweepId, chunkId);
   const chunk = await loadYamlRef(projectRoot, ref);
   if (!isPlainObject(chunk) || chunk.kind !== "audit-chunk" || chunk.sweep_id !== sweepId || chunk.chunk_id !== chunkId) {
-    return { ok: false, error: `nimicoding audit-sweep refused: chunk not found for ${sweepId}/${chunkId}.\n` };
+    return { ok: false, error: `nimicoding sweep audit refused: chunk not found for ${sweepId}/${chunkId}.\n` };
   }
   return { ok: true, chunk, chunkRef: ref };
 }
@@ -306,12 +306,12 @@ export async function loadLatestLedger(projectRoot, sweepId) {
   const latestRef = artifactRef("ledger_ref", sweepId, "latest.yaml");
   const pointer = await loadYamlRef(projectRoot, latestRef);
   if (!isPlainObject(pointer) || typeof pointer.ledger_ref !== "string") {
-    return { ok: false, error: `nimicoding audit-sweep refused: latest ledger not found for ${sweepId}.\n` };
+    return { ok: false, error: `nimicoding sweep audit refused: latest ledger not found for ${sweepId}.\n` };
   }
 
   const ledger = await loadYamlRef(projectRoot, pointer.ledger_ref);
   if (!isPlainObject(ledger) || ledger.kind !== "audit-ledger" || ledger.sweep_id !== sweepId) {
-    return { ok: false, error: `nimicoding audit-sweep refused: latest ledger is malformed for ${sweepId}.\n` };
+    return { ok: false, error: `nimicoding sweep audit refused: latest ledger is malformed for ${sweepId}.\n` };
   }
 
   return { ok: true, ledger, ledgerRef: pointer.ledger_ref, pointerRef: latestRef };
@@ -323,7 +323,7 @@ export function inputError(error) {
 
 export function ensureIsoTimestamp(value, label = "--verified-at") {
   if (!isIsoUtcTimestamp(value)) {
-    return inputError(`nimicoding audit-sweep refused: ${label} must be an ISO-8601 UTC timestamp.\n`);
+    return inputError(`nimicoding sweep audit refused: ${label} must be an ISO-8601 UTC timestamp.\n`);
   }
   return null;
 }

package/cli/lib/audit-sweep-runtime/format.mjs

@@ -5,12 +5,12 @@ export function formatAuditSweepPayload(payload) {
     }
     if (payload.checks) {
       const failed = payload.checks.filter((entry) => !entry.ok);
-      return `audit-sweep ${payload.sweepId ?? "result"} validation failed\nchecks: ${payload.checks.length - failed.length}/${payload.checks.length}\nfailed: ${failed.map((entry) => entry.reason).join("; ")}\n`;
+      return `sweep audit ${payload.sweepId ?? "result"} validation failed\nchecks: ${payload.checks.length - failed.length}/${payload.checks.length}\nfailed: ${failed.map((entry) => entry.reason).join("; ")}\n`;
     }
-    return "audit-sweep failed\n";
+    return "sweep audit failed\n";
   }
 
-  const lines = [`audit-sweep ${payload.sweepId ?? payload.auditCloseout?.sweep_id ?? "result"}`];
+  const lines = [`sweep audit ${payload.sweepId ?? payload.auditCloseout?.sweep_id ?? "result"}`];
   for (const [label, value] of [
     ["plan", payload.planRef],
     ["chunk", payload.chunkRef],

package/cli/lib/audit-sweep-runtime/ingest.mjs

@@ -297,7 +297,7 @@ function recordClusteredSymptom(store, cluster, finding, fingerprint, classifica
 export async function ingestAuditSweepChunk(projectRoot, options) {
   const sweepId = safeSweepId(options.sweepId);
   if (!sweepId || typeof options.chunkId !== "string") {
-    return inputError("nimicoding audit-sweep refused: --sweep-id and --chunk-id are required.\n");
+    return inputError("nimicoding sweep audit refused: --sweep-id and --chunk-id are required.\n");
   }
 
   const timestampError = ensureIsoTimestamp(options.verifiedAt);
@@ -311,7 +311,7 @@ export async function ingestAuditSweepChunk(projectRoot, options) {
   }
   const sourceInfo = await pathExists(source.absolutePath);
   if (!sourceInfo || !sourceInfo.isFile()) {
-    return inputError("nimicoding audit-sweep refused: --from must point to an existing JSON file.\n");
+    return inputError("nimicoding sweep audit refused: --from must point to an existing JSON file.\n");
   }
 
   return withAuditSweepMutationLock(projectRoot, sweepId, "chunk ingest", async () => {
@@ -324,20 +324,20 @@ export async function ingestAuditSweepChunk(projectRoot, options) {
     return inputError(chunkResult.error);
   }
   if (chunkResult.chunk.state !== "dispatched") {
-    return inputError("nimicoding audit-sweep refused: chunk ingest requires dispatched state.\n");
+    return inputError("nimicoding sweep audit refused: chunk ingest requires dispatched state.\n");
   }
 
   const evidenceJson = await loadJsonFile(source.absolutePath);
   if (!evidenceJson.ok) {
-    return inputError("nimicoding audit-sweep refused: --from must contain valid JSON.\n");
+    return inputError("nimicoding sweep audit refused: --from must contain valid JSON.\n");
   }
   const envelope = validateEvidenceEnvelope(evidenceJson.value, chunkResult.chunk);
   if (!envelope.ok) {
-    return inputError(`nimicoding audit-sweep refused: ${envelope.error}.\n`);
+    return inputError(`nimicoding sweep audit refused: ${envelope.error}.\n`);
   }
   const auditValidity = buildAuditValidityForEvidence(chunkResult.chunk, evidenceJson.value);
   if (auditValidity.posture === "invalid") {
-    return inputError(`nimicoding audit-sweep refused: audit evidence is invalid no-finding evidence (${auditValidity.blockers.map((blocker) => blocker.id).join(", ")}).\n`);
+    return inputError(`nimicoding sweep audit refused: audit evidence is invalid no-finding evidence (${auditValidity.blockers.map((blocker) => blocker.id).join(", ")}).\n`);
   }
 
   const evidenceRef = artifactRef("evidence_refs", sweepId, `${options.chunkId}.audit-evidence.json`);
@@ -355,11 +355,11 @@ export async function ingestAuditSweepChunk(projectRoot, options) {
   for (const [index, rawFinding] of evidenceJson.value.findings.entries()) {
     const normalized = normalizeFinding(rawFinding, index, chunkResult.chunk, sweepId, evidenceRef, options.verifiedAt);
     if (!normalized.ok) {
-      return inputError(`nimicoding audit-sweep refused: ${normalized.error}.\n`);
+      return inputError(`nimicoding sweep audit refused: ${normalized.error}.\n`);
     }
     const clusterResult = deriveFindingCluster(rawFinding, normalized.finding, chunkResult.chunk, planResult.plan);
     if (!clusterResult.ok) {
-      return inputError(`nimicoding audit-sweep refused: finding ${index + 1} ${clusterResult.error}.\n`);
+      return inputError(`nimicoding sweep audit refused: finding ${index + 1} ${clusterResult.error}.\n`);
     }
     if (seen.has(normalized.fingerprint)) {
       duplicateCount += 1;