@nimiplatform/nimi-coding 0.1.0 → 0.2.1

package/cli/lib/authority-convergence.mjs

@@ -1,3 +1,6 @@
+import { readdir, readFile, stat } from "node:fs/promises";
+import path from "node:path";
+
 import { loadTopicRuntimeContracts } from "./contracts.mjs";
 
 function stringList(value) {
@@ -81,8 +84,307 @@ export function hasFreshPassingPostUpdateReview(results, implementationResult, p
   ));
 }
 
-export function buildPostUpdateReviewDecision({ topicId, wave, packets, results, policy, commandRef }) {
-  const specUpdatingPacket = packets.find((entry) => needsPostUpdateReview(entry.packet, policy));
+function hasPlaceholder(value) {
+  return /<[^>]+>/u.test(String(value ?? ""));
+}
+
+function concreteRef(value) {
+  return typeof value === "string"
+    && value.length > 0
+    && !hasPlaceholder(value)
+    && !path.isAbsolute(value)
+    && !value.includes("..");
+}
+
+function refsAreConcrete(values) {
+  return stringList(values).length > 0 && stringList(values).every(concreteRef);
+}
+
+async function readJsonRef(projectRoot, ref) {
+  if (!concreteRef(ref)) return null;
+  try {
+    return JSON.parse(await readFile(path.join(projectRoot, ref), "utf8"));
+  } catch {
+    return null;
+  }
+}
+
+function extractTopicValidationEvidenceRefs(sourceText, waveId) {
+  const refs = new Set();
+  const pattern = new RegExp(`\\.nimi/topics/[^\\s)\\]'"<>]+/evidence-validation-${waveId.replace(/[.*+?^${}()|[\]\\]/gu, "\\$&")}[^\\s)\\]'"<>]+\\.json`, "gu");
+  for (const match of sourceText.matchAll(pattern)) {
+    refs.add(match[0]);
+  }
+  return [...refs];
+}
+
+function extractPacketIdsFromSource(sourceText) {
+  const ids = new Set();
+  const patterns = [
+    /^\s*packet_id:\s*`?([a-z0-9]+(?:-[a-z0-9]+)*)`?\s*$/gimu,
+    /\bpacket_id\s*[:=]\s*`?([a-z0-9]+(?:-[a-z0-9]+)*)`?/gimu,
+    /\bpacket\s+id\s*[:=]\s*`?([a-z0-9]+(?:-[a-z0-9]+)*)`?/gimu,
+  ];
+  for (const pattern of patterns) {
+    for (const match of sourceText.matchAll(pattern)) {
+      ids.add(match[1]);
+    }
+  }
+  return [...ids];
+}
+
+function declaresPostUpdateAmbiguity(sourceText) {
+  const ambiguityPattern = /\b(authority|scope|gate|product|semantic)\s+(ambiguity|ambiguous|fork|blocked|blocker|change required)\b/iu;
+  const normalized = sourceText.replace(/\s+/gu, " ");
+  for (const match of normalized.matchAll(new RegExp(ambiguityPattern.source, "giu"))) {
+    const preceding = normalized.slice(0, match.index).toLowerCase();
+    if (/\b(no|none|without)\b[^.!?\n]{0,120}$/u.test(preceding)) {
+      continue;
+    }
+    return true;
+  }
+  return false;
+}
+
+function sourceContainsNegatedTerms(sourceText, terms) {
+  const normalized = sourceText.replace(/\s+/gu, " ").toLowerCase();
+  return terms.every((term) => {
+    const escaped = term.replace(/[.*+?^${}()|[\]\\]/gu, "\\$&").replace(/\\ /gu, "\\s+");
+    return new RegExp(`\\b(no|not|without)\\b[^.!?]{0,160}\\b${escaped}\\b`, "iu").test(normalized)
+      || new RegExp(`\\b${escaped}\\b[^.!?]{0,80}\\b(not\\s+mutated|not\\s+introduced)\\b`, "iu").test(normalized);
+  });
+}
+
+function hasRequiredPostUpdateNegativeDeclarations(sourceText) {
+  return sourceContainsNegatedTerms(sourceText, [
+    "source audit findings",
+    "source sweep-design artifacts",
+    "pseudo-success",
+    "fallback success",
+    "compatibility shim",
+    "dual-read",
+    "dual-write",
+  ]);
+}
+
+async function latestWorkerPromptPacketId(topicDir, packetEntries) {
+  const packetIds = new Set(packetEntries.map((entry) => entry.packet?.packet_id).filter(Boolean));
+  if (!topicDir || packetIds.size === 0) return null;
+  let entries = [];
+  try {
+    entries = await readdir(topicDir, { withFileTypes: true });
+  } catch {
+    return null;
+  }
+  const prompts = [];
+  for (const entry of entries) {
+    if (!entry.isFile() || !entry.name.startsWith("prompt-") || !entry.name.endsWith("-worker.md")) continue;
+    const packetId = entry.name.slice("prompt-".length, -"-worker.md".length);
+    if (!packetIds.has(packetId)) continue;
+    const promptPath = path.join(topicDir, entry.name);
+    try {
+      const promptStat = await stat(promptPath);
+      prompts.push({ packetId, mtimeMs: promptStat.mtimeMs, promptRefName: entry.name });
+    } catch {
+      return null;
+    }
+  }
+  if (prompts.length === 0) return null;
+  prompts.sort((left, right) => right.mtimeMs - left.mtimeMs || left.promptRefName.localeCompare(right.promptRefName));
+  if (prompts.length > 1 && prompts[0].mtimeMs === prompts[1].mtimeMs) return { ambiguous: true };
+  return prompts[0];
+}
+
+async function workerPromptExists(topicDir, packetId) {
+  if (!topicDir || !packetId) return false;
+  try {
+    const promptStat = await stat(path.join(topicDir, `prompt-${packetId}-worker.md`));
+    return promptStat.isFile();
+  } catch {
+    return false;
+  }
+}
+
+function passResultSourceRefSet(projectRoot, results, waveId) {
+  const refs = new Set();
+  for (const entry of results) {
+    if (entry.result?.verdict !== "PASS") continue;
+    if (entry.result?.wave_id && entry.result.wave_id !== waveId) continue;
+    const sourceRef = entry.result?.source_ref;
+    if (!concreteRef(sourceRef)) continue;
+    refs.add(path.resolve(projectRoot, sourceRef));
+  }
+  return refs;
+}
+
+async function hasWaveRemediationArtifact(projectRoot, topicDir, waveId, results) {
+  try {
+    const passSourceRefs = passResultSourceRefSet(projectRoot, results, waveId);
+    const entries = await readdir(topicDir, { withFileTypes: true });
+    for (const entry of entries) {
+      if (!entry.isFile() || !entry.name.endsWith(".md")) continue;
+      if (entry.name.startsWith(`packet-${waveId}-remediation-`)) return true;
+      if (!entry.name.startsWith(`source-${waveId}-`) || !/remediat/iu.test(entry.name)) continue;
+      const sourcePath = path.join(topicDir, entry.name);
+      if (!passSourceRefs.has(path.resolve(sourcePath))) continue;
+      const sourceText = await readFile(sourcePath, "utf8");
+      if (
+        /\bverdict:\s*PASS\b/iu.test(sourceText)
+        && /\blocal_packet_authority_scope_remediation_only:\s*true\b/iu.test(sourceText)
+        && /\bproduct_semantic_ambiguity:\s*false\b/iu.test(sourceText)
+        && /\bsource_audit_findings_mutated:\s*false\b/iu.test(sourceText)
+        && /\bsource_sweep_design_artifacts_mutated:\s*false\b/iu.test(sourceText)
+      ) {
+        return true;
+      }
+    }
+    return false;
+  } catch {
+    return false;
+  }
+}
+
+async function selectPostUpdateProofPacket({ topicDir, wave, specUpdatingPackets, sourceText }) {
+  if (specUpdatingPackets.length === 0) {
+    return { ok: false, reason: "post-update proof requires a spec-updating packet" };
+  }
+
+  const packetIds = extractPacketIdsFromSource(sourceText);
+  const matchingSourcePackets = packetIds
+    .map((packetId) => specUpdatingPackets.find((entry) => entry.packet?.packet_id === packetId) ?? null)
+    .filter(Boolean);
+  const uniqueMatchingSourcePackets = [...new Map(matchingSourcePackets.map((entry) => [entry.packet.packet_id, entry])).values()];
+  if (uniqueMatchingSourcePackets.length > 1) {
+    return { ok: false, reason: "implementation source names multiple post-update packets" };
+  }
+  if (packetIds.length > 0 && uniqueMatchingSourcePackets.length === 0) {
+    return { ok: false, reason: "implementation source packet_id does not match a current post-update packet" };
+  }
+  if (uniqueMatchingSourcePackets.length === 1) {
+    return { ok: true, entry: uniqueMatchingSourcePackets[0], selectionSource: "implementation_source" };
+  }
+
+  const promptLineage = await latestWorkerPromptPacketId(topicDir, specUpdatingPackets);
+  if (promptLineage?.ambiguous) {
+    return { ok: false, reason: "latest worker prompt lineage is ambiguous" };
+  }
+  if (promptLineage?.packetId) {
+    const promptPacket = specUpdatingPackets.find((entry) => entry.packet?.packet_id === promptLineage.packetId);
+    if (promptPacket) return { ok: true, entry: promptPacket, selectionSource: "worker_prompt" };
+  }
+
+  if (specUpdatingPackets.length === 1) {
+    return { ok: true, entry: specUpdatingPackets[0], selectionSource: "single_packet" };
+  }
+
+  return { ok: false, reason: "post-update packet lineage is ambiguous" };
+}
+
+async function mechanicalPostUpdateJudgementProof({ projectRoot, topicDir, wave, specUpdatingPackets, results, implementationResult }) {
+  if (!projectRoot || !topicDir) {
+    return { ok: false, reason: "mechanical proof requires project and topic roots" };
+  }
+  const implementationVerifiedAt = verifiedAtMs(implementationResult);
+  if (!Number.isFinite(implementationVerifiedAt)) {
+    return { ok: false, reason: "implementation result verified_at is not concrete" };
+  }
+  const requiredKinds = new Map([
+    ["audit", "audit result must pass"],
+    ["preflight", "preflight result must pass"],
+    ["implementation", "implementation result must pass"],
+  ]);
+  for (const [kind, reason] of requiredKinds) {
+    const result = latestResultOfKind(results, kind);
+    if (result?.result?.verdict !== "PASS") {
+      return { ok: false, reason };
+    }
+  }
+  const laterBlockingResult = results.find((entry) => {
+    const verifiedAt = verifiedAtMs(entry);
+    return Number.isFinite(verifiedAt)
+      && verifiedAt >= implementationVerifiedAt
+      && entry.result?.verdict !== "PASS";
+  });
+  if (laterBlockingResult) {
+    return { ok: false, reason: "a later non-PASS result exists" };
+  }
+  const sourceRef = implementationResult?.result?.source_ref;
+  if (!concreteRef(sourceRef)) {
+    return { ok: false, reason: "implementation source ref is missing or non-concrete" };
+  }
+  let sourceText = "";
+  try {
+    sourceText = await readFile(path.join(projectRoot, sourceRef), "utf8");
+  } catch {
+    return { ok: false, reason: "implementation source ref is not readable" };
+  }
+  const selectedPacket = await selectPostUpdateProofPacket({
+    topicDir,
+    wave,
+    specUpdatingPackets,
+    sourceText,
+  });
+  if (!selectedPacket.ok) {
+    return { ok: false, reason: selectedPacket.reason };
+  }
+  const packet = selectedPacket.entry.packet;
+  if (packet.status !== "dispatched") {
+    return { ok: false, reason: "post-update proof packet is not the current dispatched packet" };
+  }
+  if (!refsAreConcrete(packet.authority_owner) || !refsAreConcrete(packet.canonical_seams)) {
+    return { ok: false, reason: "packet authority refs are missing or non-concrete" };
+  }
+  const promptLineage = await latestWorkerPromptPacketId(topicDir, specUpdatingPackets);
+  if (selectedPacket.selectionSource === "implementation_source") {
+    if (!await workerPromptExists(topicDir, packet.packet_id)) {
+      return { ok: false, reason: "implementation result packet_id does not have worker prompt lineage" };
+    }
+  } else if (promptLineage?.ambiguous) {
+    return { ok: false, reason: "latest worker prompt lineage is ambiguous" };
+  }
+  if (promptLineage?.ambiguous) {
+    return { ok: false, reason: "latest worker prompt lineage is ambiguous" };
+  }
+  if (promptLineage?.packetId && promptLineage.packetId !== packet.packet_id) {
+    return { ok: false, reason: "implementation result packet_id is not the latest worker prompt lineage" };
+  }
+  const isMultiAuthority = stringList(packet.authority_owner).length > 1;
+  if (isMultiAuthority) {
+    const hasExplicitPacketLineage = selectedPacket.selectionSource === "implementation_source"
+      && extractPacketIdsFromSource(sourceText).includes(packet.packet_id);
+    if (!hasExplicitPacketLineage) {
+      return { ok: false, reason: "multi-authority post-update proof requires implementation-source packet lineage" };
+    }
+    if (!await hasWaveRemediationArtifact(projectRoot, topicDir, wave.wave_id, results) || !/\bremediat(?:e|ed|ion)\b/iu.test(sourceText)) {
+      return { ok: false, reason: "multi-authority post-update proof requires explicit remediation lineage" };
+    }
+  }
+  const evidenceRefs = extractTopicValidationEvidenceRefs(sourceText, wave.wave_id);
+  if (evidenceRefs.length === 0) {
+    return { ok: false, reason: "implementation source does not cite topic-local validation evidence" };
+  }
+  for (const ref of evidenceRefs) {
+    if (!ref.startsWith(`${path.relative(projectRoot, topicDir).split(path.sep).join("/")}/`)) {
+      return { ok: false, reason: `validation evidence is outside the topic root: ${ref}` };
+    }
+    const evidence = await readJsonRef(projectRoot, ref);
+    if (!evidence || evidence.status !== "pass" || evidence.exit_code !== 0) {
+      return { ok: false, reason: `validation evidence is not a clean pass: ${ref}` };
+    }
+  }
+  if (declaresPostUpdateAmbiguity(sourceText)) {
+    return { ok: false, reason: "implementation source declares authority/scope/gate/product/semantic ambiguity" };
+  }
+  if (!hasRequiredPostUpdateNegativeDeclarations(sourceText)) {
+    return { ok: false, reason: "implementation source does not declare required mutation and shortcut negative checks" };
+  }
+  return { ok: true, evidenceRefs, sourceRef, packetId: packet.packet_id };
+}
+
+export async function buildPostUpdateReviewDecision({ projectRoot, topicDir, topicId, wave, packets, results, policy, commandRef }) {
+  const wavePackets = packets.filter((entry) => entry.packet?.wave_id === wave.wave_id);
+  const specUpdatingPackets = wavePackets.filter((entry) => needsPostUpdateReview(entry.packet, policy));
+  const specUpdatingPacket = specUpdatingPackets[0] ?? null;
   const implementationResult = latestResultOfKind(results, "implementation");
   if (
     !specUpdatingPacket
@@ -92,6 +394,37 @@ export function buildPostUpdateReviewDecision({ topicId, wave, packets, results,
     return null;
   }
   const reviewPolicy = policy.postUpdateReview ?? {};
+  const mechanicalProof = await mechanicalPostUpdateJudgementProof({
+    projectRoot,
+    topicDir,
+    wave,
+    specUpdatingPackets,
+    results,
+    implementationResult,
+  });
+  if (mechanicalProof.ok) {
+    return {
+      stopClass: "continue",
+      recommendedAction: "record_result",
+      reasonCode: "mechanical_post_update_judgement_pass",
+      recommendedDecision: "record_mechanical_post_update_judgement_pass",
+      recommendationRationale: "Post-update evidence proves the implementation stayed inside packet authority and all cited validation checks passed.",
+      expectedArtifacts: [`result-${wave.wave_id}-${reviewPolicy.requiredResultKind}.md`],
+      nextCommandRef: commandRef([
+        "result",
+        "record",
+        topicId,
+        "--kind",
+        reviewPolicy.requiredResultKind,
+        "--verdict",
+        reviewPolicy.passVerdict,
+        "--from",
+        mechanicalProof.sourceRef,
+        "--verified-at",
+        implementationResult.result.verified_at,
+      ]),
+    };
+  }
   return {
     stopClass: "require_human_confirmation",
     recommendedAction: "record_result",
@@ -112,6 +445,11 @@ export function buildPostUpdateReviewDecision({ topicId, wave, packets, results,
       "--verified-at",
       "<utc>",
     ]),
+    blockingChecks: [{
+      ok: false,
+      code: "mechanical_post_update_judgement_not_proven",
+      message: mechanicalProof.reason,
+    }],
   };
 }
 
@@ -139,6 +477,40 @@ export function buildAuthorityConvergenceDecision({ topicId, wave, packet, audit
     };
   }
   if (auditResult?.result?.verdict === policy.passVerdict) {
+    if (packet.packet_kind === "preflight") {
+      return {
+        stopClass: "require_human_confirmation",
+        recommendedAction: "freeze_packet",
+        reasonCode: "preflight_authority_audit_passed_requires_implementation_packet",
+        recommendedDecision: "create_or_select_an_implementation_ready_packet_before_worker_dispatch",
+        recommendationRationale: "The authority convergence audit passed for a preflight packet, but preflight evidence is not implementation admission.",
+        expectedArtifacts: ["packet-<implementation-ready-packet-id>.md"],
+        nextCommandRef: commandRef(["packet", "freeze", topicId, "--from", "<implementation-ready-draft-packet>"]),
+      };
+    }
+    if (wave.state === "preflight_admitted") {
+      return {
+        stopClass: "continue",
+        recommendedAction: "record_result",
+        reasonCode: "implementation_admission_result_required",
+        recommendedDecision: "record_preflight_pass_before_worker_dispatch",
+        recommendationRationale: "The authority convergence audit passed, but the selected wave must explicitly enter implementation admission before worker dispatch.",
+        expectedArtifacts: [`result-${wave.wave_id}-preflight.md`],
+        nextCommandRef: commandRef([
+          "result",
+          "record",
+          topicId,
+          "--kind",
+          "preflight",
+          "--verdict",
+          policy.passVerdict,
+          "--from",
+          auditResult.result.source_ref ?? "<authority-convergence-audit-source>",
+          "--verified-at",
+          auditResult.result.verified_at ?? "<utc>",
+        ]),
+      };
+    }
     return {
       stopClass: "continue",
       recommendedAction: "dispatch_worker",
@@ -247,6 +619,29 @@ export async function buildPreImplementationDecision({
         commandRef,
       });
     }
+    if (wave.state === "preflight_admitted") {
+      return {
+        stopClass: "require_human_confirmation",
+        recommendedAction: "record_result",
+        reasonCode: "implementation_admission_result_required",
+        recommendedDecision: "record_preflight_pass_before_worker_dispatch",
+        recommendationRationale: "A dispatchable implementation packet exists, but worker dispatch requires explicit implementation admission evidence.",
+        expectedArtifacts: [`result-${wave.wave_id}-preflight.md`],
+        nextCommandRef: commandRef([
+          "result",
+          "record",
+          loaded.topicId,
+          "--kind",
+          "preflight",
+          "--verdict",
+          "PASS",
+          "--from",
+          "<implementation-readiness-evidence>",
+          "--verified-at",
+          "<utc>",
+        ]),
+      };
+    }
     const decision = dispatchWorkerDecision(loaded.topicId, dispatchable.packet);
     decision.nextCommandRef = commandRef(["worker", "dispatch", loaded.topicId, "--packet", dispatchable.packet.packet_id]);
     return decision;

package/cli/lib/blueprint-audit.mjs

@@ -222,7 +222,11 @@ export async function buildBlueprintAuditPayload(projectRoot, options = {}) {
 
   const kernelMarkdown = compareFileSets(blueprintFiles.kernelMarkdown, canonicalFiles.kernelMarkdown);
   const kernelTables = compareFileSets(blueprintFiles.kernelTables, canonicalFiles.kernelTables);
-  const kernelGenerated = compareFileSets(blueprintFiles.kernelGenerated, canonicalFiles.kernelGenerated);
+  const kernelGenerated = {
+    present: [],
+    missing: [],
+    extra: [],
+  };
   const domainGuides = compareFileSets(blueprintFiles.domainGuides, canonicalFiles.domainGuides);
   const ruleIdPreservation = await compareRuleIds(
     blueprintAbsoluteRoot,
@@ -234,7 +238,6 @@ export async function buildBlueprintAuditPayload(projectRoot, options = {}) {
   const ok = missingDomains.length === 0
     && kernelMarkdown.missing.length === 0
     && kernelTables.missing.length === 0
-    && kernelGenerated.missing.length === 0
     && domainGuides.missing.length === 0
     && ruleIdPreservation.missingRuleIds.length === 0
     && ruleIdPreservation.parseErrors.length === 0
@@ -245,9 +248,6 @@ export async function buildBlueprintAuditPayload(projectRoot, options = {}) {
   if (missingDomains.length > 0 || kernelMarkdown.missing.length > 0 || kernelTables.missing.length > 0 || !indexPresent) {
     nextSteps.push("Copy the missing blueprint structure into `/.nimi/spec/**` before attempting authority cutover.");
   }
-  if (kernelGenerated.missing.length > 0) {
-    nextSteps.push("Regenerate derived kernel docs after canonical blueprint content is built out.");
-  }
   if (domainGuides.missing.length > 0) {
     nextSteps.push("Thin and map domain guides only after kernel coverage is in place.");
   }

package/cli/lib/closeout.mjs

@@ -42,10 +42,11 @@ function translateCloseoutReason(reason) {
     ["Non-completed outcomes may be projected as local-only closeout artifacts", "非 completed 的 outcome 可以仅投影为本地 closeout 产物"],
     ["Completed closeout is not allowed in the current lifecycle state", "当前生命周期状态不允许完成该 closeout"],
     ["Completed closeout requires declared canonical tree files to be valid", "完成 closeout 需要声明的 canonical tree 文件有效"],
-    ["Completed closeout requires a valid `.nimi/spec/_meta/spec-generation-audit.yaml` artifact", "完成 closeout 需要一个有效的 `.nimi/spec/_meta/spec-generation-audit.yaml` 产物"],
+    ["Completed closeout requires a valid `.nimi/local/state/spec-generation/spec-generation-audit.yaml` artifact", "完成 closeout 需要一个有效的 `.nimi/local/state/spec-generation/spec-generation-audit.yaml` 产物"],
     ["Completed doc_spec_audit closeout must compare against `.nimi/spec`", "完成 doc_spec_audit closeout 时必须对 `.nimi/spec` 进行比较"],
     ["Completed high_risk_execution closeout requires canonical admissions truth to remain `.nimi/spec/high-risk-admissions.yaml`", "完成 high_risk_execution closeout 需要 canonical admissions truth 继续落在 `.nimi/spec/high-risk-admissions.yaml`"],
     ["Completed closeout is consistent with the current canonical tree state", "completed closeout 与当前 canonical tree 状态一致"],
+    ["Imported spec_reconstruction summary must match active spec-generation audit coverage", "导入的 spec_reconstruction 摘要必须与当前 spec-generation audit 覆盖情况一致"],
   ]);
 
   if (translations.has(reason)) {
@@ -250,7 +251,8 @@ async function synthesizeSpecReconstructionSummary(projectRoot, doctorResult, ve
 
   return {
     generated_paths: generatedPaths,
-    audit_ref: ".nimi/spec/_meta/spec-generation-audit.yaml",
+    audit_ref: ".nimi/local/state/spec-generation/spec-generation-audit.yaml",
+    placement_report_ref: ".nimi/local/state/spec-surface/current-inventory.json",
     coverage_summary: {
       complete_files: Math.max(generatedPaths.length - partialFiles - placeholderFiles, 0),
       partial_files: partialFiles,
@@ -266,6 +268,44 @@ async function synthesizeSpecReconstructionSummary(projectRoot, doctorResult, ve
   };
 }
 
+async function validateSpecReconstructionSummaryAgainstAudit(projectRoot, summary, doctorResult) {
+  if (!summary) {
+    return { ok: true };
+  }
+
+  const generatedPaths = await collectSpecPaths(path.join(projectRoot, ".nimi", "spec"), ".nimi/spec");
+  const auditSummary = doctorResult.specGenerationAudit?.summary ?? {};
+  const unresolvedFileCount = Number.isInteger(auditSummary.unresolvedFiles) ? auditSummary.unresolvedFiles : 0;
+  const inferredFileCount = Number.isInteger(auditSummary.inferredFiles) ? auditSummary.inferredFiles : 0;
+  const placeholderFiles = Number.isInteger(auditSummary.placeholderFiles) ? auditSummary.placeholderFiles : 0;
+  const partialFiles = Number.isInteger(auditSummary.partialFiles) ? auditSummary.partialFiles : unresolvedFileCount;
+  const shouldBePartial = partialFiles > 0 || unresolvedFileCount > 0 || inferredFileCount > 0;
+  const expectedStatus = doctorResult.specGenerationAudit?.ok && !shouldBePartial ? "reconstructed" : "partial";
+  const expectedCompleteUpperBound = Math.max(generatedPaths.length - partialFiles - placeholderFiles, 0);
+
+  const coverageSummary = isPlainObject(summary.coverage_summary) ? summary.coverage_summary : {};
+  const summaryPartialFiles = Number.isInteger(coverageSummary.partial_files) ? coverageSummary.partial_files : null;
+  const summaryPlaceholderFiles = Number.isInteger(coverageSummary.placeholder_files) ? coverageSummary.placeholder_files : null;
+  const summaryCompleteFiles = Number.isInteger(coverageSummary.complete_files) ? coverageSummary.complete_files : null;
+  const summaryUnresolvedCount = Number.isInteger(summary.unresolved_file_count) ? summary.unresolved_file_count : null;
+  const summaryInferredCount = Number.isInteger(summary.inferred_file_count) ? summary.inferred_file_count : null;
+
+  const matchesAudit =
+    summary.status === expectedStatus &&
+    summaryPartialFiles === partialFiles &&
+    summaryPlaceholderFiles === placeholderFiles &&
+    summaryUnresolvedCount === unresolvedFileCount &&
+    summaryInferredCount === inferredFileCount &&
+    (summaryCompleteFiles === null || summaryCompleteFiles <= expectedCompleteUpperBound);
+
+  return matchesAudit
+    ? { ok: true }
+    : {
+      ok: false,
+      reason: "Imported spec_reconstruction summary must match active spec-generation audit coverage",
+    };
+}
+
 function evaluateCloseoutReadiness(skillId, outcome, doctorResult, summary) {
   if (outcome !== "completed") {
     if (!doctorResult.ok || !doctorResult.handoffReadiness.ok) {
@@ -280,6 +320,41 @@ function evaluateCloseoutReadiness(skillId, outcome, doctorResult, summary) {
     };
   }
 
+  const usesV2SurfaceModel = doctorResult.specGenerationInputs?.mode === "class_filtered";
+  if (usesV2SurfaceModel && (doctorResult.commandGating?.entries ?? []).length === 0) {
+    if (!doctorResult.ok || !doctorResult.handoffReadiness.ok) {
+      return {
+        ok: false,
+        reason: "Bootstrap or handoff validation is failing; repair doctor errors before projecting closeout results",
+      };
+    }
+    if (doctorResult.canonicalTree?.requiredFilesValid !== true) {
+      return {
+        ok: false,
+        reason: "Completed closeout requires declared canonical tree files to be valid",
+      };
+    }
+    if (doctorResult.specGenerationAudit?.ok !== true) {
+      return {
+        ok: false,
+        reason: "Completed closeout requires a valid `.nimi/local/state/spec-generation/spec-generation-audit.yaml` artifact",
+      };
+    }
+    if (skillId === "doc_spec_audit") {
+      const comparedPaths = Array.isArray(summary?.compared_paths) ? summary.compared_paths : [];
+      if (!comparedPaths.includes(".nimi/spec")) {
+        return {
+          ok: false,
+          reason: "Completed doc_spec_audit closeout must compare against `.nimi/spec`",
+        };
+      }
+    }
+    return {
+      ok: true,
+      reason: "Completed closeout is consistent with the current canonical tree state",
+    };
+  }
+
   const rule = (doctorResult.commandGating?.entries ?? []).find((entry) => entry.command === "closeout" && entry.skill === skillId) ?? null;
   if (!rule?.completedRequires) {
     return {
@@ -306,7 +381,7 @@ function evaluateCloseoutReadiness(skillId, outcome, doctorResult, summary) {
   if (rule.completedRequires.spec_generation_audit_valid === true && doctorResult.specGenerationAudit?.ok !== true) {
     return {
       ok: false,
-      reason: "Completed closeout requires a valid `.nimi/spec/_meta/spec-generation-audit.yaml` artifact",
+      reason: "Completed closeout requires a valid `.nimi/local/state/spec-generation/spec-generation-audit.yaml` artifact",
     };
   }
 
@@ -520,6 +595,7 @@ export async function buildCloseoutPayload(projectRoot, options) {
       ok: false,
       exitCode: 2,
       inputError: true,
+      readiness: null,
       error: `${localize(
         `nimicoding closeout refused: ${summaryValidation.reason}.`,
         `nimicoding closeout 已拒绝：${translateCloseoutReason(summaryValidation.reason)}。`,
@@ -537,6 +613,7 @@ export async function buildCloseoutPayload(projectRoot, options) {
       ok: false,
       exitCode: 2,
       inputError: true,
+      readiness: null,
       error: `${localize(
         `nimicoding closeout refused: ${statusConsistency.reason}.`,
         `nimicoding closeout 已拒绝：${translateCloseoutReason(statusConsistency.reason)}。`,
@@ -544,6 +621,52 @@ export async function buildCloseoutPayload(projectRoot, options) {
     };
   }
 
+  if (options.skill === "spec_reconstruction" && options.outcome === "completed") {
+    // Canonical tree must be intact before audit-coverage comparison; a
+    // missing domain kernel file is a readiness fail with its own reason.
+    if (doctorResult.canonicalTree?.requiredFilesValid !== true) {
+      const reason = "Completed closeout requires declared canonical tree files to be valid";
+      return {
+        ok: false,
+        exitCode: 1,
+        readiness: { ok: false, reason },
+        error: `${localize(
+          `nimicoding closeout refused: ${reason}.`,
+          `nimicoding closeout 已拒绝：${translateCloseoutReason(reason)}。`,
+        )}\n`,
+      };
+    }
+    if (doctorResult.specGenerationAudit?.ok !== true) {
+      const reason = "Completed closeout requires a valid `.nimi/local/state/spec-generation/spec-generation-audit.yaml` artifact";
+      return {
+        ok: false,
+        exitCode: 1,
+        readiness: { ok: false, reason },
+        error: `${localize(
+          `nimicoding closeout refused: ${reason}.`,
+          `nimicoding closeout 已拒绝：${translateCloseoutReason(reason)}。`,
+        )}\n`,
+      };
+    }
+    const auditConsistency = await validateSpecReconstructionSummaryAgainstAudit(
+      projectRoot,
+      effectiveSummary,
+      doctorResult,
+    );
+    if (!auditConsistency.ok) {
+      return {
+        ok: false,
+        exitCode: 2,
+        inputError: true,
+        readiness: null,
+        error: `${localize(
+          `nimicoding closeout refused: ${auditConsistency.reason}.`,
+          `nimicoding closeout 已拒绝：${translateCloseoutReason(auditConsistency.reason)}。`,
+        )}\n`,
+      };
+    }
+  }
+
   const readiness = evaluateCloseoutReadiness(options.skill, options.outcome, doctorResult, effectiveSummary);
   const localArtifactPath = path.join(projectRoot, ".nimi", "local", "handoff-results", `${options.skill}.json`);
   const payload = {