@onlooker-community/ecosystem 0.24.0 → 0.25.0

package/plugins/assayer/scripts/lib/assayer-config.sh

@@ -0,0 +1,88 @@
+#!/usr/bin/env bash
+# Config loading for Assayer.
+# Reads the repo's .claude/settings.json assayer.* keys, falling back to the
+# plugin's own config.json defaults.
+
+_ASSAYER_CONFIG_JSON=""
+_ASSAYER_PLUGIN_CONFIG_JSON=""
+
+assayer_config_load() {
+	local repo_root="${1:-}"
+
+	_ASSAYER_PLUGIN_CONFIG_JSON=""
+	local plugin_config="${CLAUDE_PLUGIN_ROOT:-}/config.json"
+	if [[ -f "$plugin_config" ]]; then
+		_ASSAYER_PLUGIN_CONFIG_JSON=$(cat "$plugin_config" 2>/dev/null) || _ASSAYER_PLUGIN_CONFIG_JSON=""
+	fi
+
+	_ASSAYER_CONFIG_JSON=""
+	if [[ -n "$repo_root" ]]; then
+		local settings_file="${repo_root}/.claude/settings.json"
+		if [[ -f "$settings_file" ]]; then
+			local settings
+			settings=$(cat "$settings_file" 2>/dev/null) || settings=""
+			local block
+			block=$(printf '%s' "$settings" | jq -c '.assayer // empty' 2>/dev/null) || block=""
+			[[ -n "$block" ]] && _ASSAYER_CONFIG_JSON="$block"
+		fi
+	fi
+}
+
+# Get a single scalar value. Checks settings.json first, then plugin config.json.
+assayer_config_get() {
+	local key="$1"
+
+	if [[ -n "$_ASSAYER_CONFIG_JSON" ]]; then
+		local val
+		val=$(printf '%s' "$_ASSAYER_CONFIG_JSON" | jq -r "${key} // empty" 2>/dev/null) || val=""
+		[[ -n "$val" && "$val" != "null" ]] && {
+			printf '%s' "$val"
+			return 0
+		}
+	fi
+
+	if [[ -n "$_ASSAYER_PLUGIN_CONFIG_JSON" ]]; then
+		local val
+		val=$(printf '%s' "$_ASSAYER_PLUGIN_CONFIG_JSON" | jq -r ".assayer${key} // empty" 2>/dev/null) || val=""
+		[[ -n "$val" && "$val" != "null" ]] && {
+			printf '%s' "$val"
+			return 0
+		}
+	fi
+}
+
+assayer_config_enabled() {
+	local val
+	val=$(assayer_config_get '.enabled')
+	[[ "$val" == "true" ]]
+}
+
+assayer_config_model() {
+	local val
+	val=$(assayer_config_get '.evaluation.model')
+	printf '%s' "${val:-claude-haiku-4-5-20251001}"
+}
+
+assayer_config_timeout() {
+	local val
+	val=$(assayer_config_get '.evaluation.timeout_seconds')
+	printf '%s' "${val:-60}"
+}
+
+assayer_config_max_claims() {
+	local val
+	val=$(assayer_config_get '.max_claims')
+	printf '%s' "${val:-12}"
+}
+
+assayer_config_min_confidence() {
+	local val
+	val=$(assayer_config_get '.min_confidence')
+	printf '%s' "${val:-0.5}"
+}
+
+assayer_config_final_message_chars() {
+	local val
+	val=$(assayer_config_get '.final_message_chars')
+	printf '%s' "${val:-6000}"
+}

package/plugins/assayer/scripts/lib/assayer-events.sh

@@ -0,0 +1,85 @@
+#!/usr/bin/env bash
+# Canonical assayer.* event emission.
+# Thin wrapper around the ecosystem plugin's onlooker-event.mjs `emit` mode.
+# Every emission is validated against @onlooker-community/schema before being
+# appended to ~/.onlooker/logs/onlooker-events.jsonl.
+#
+# Usage:
+#   assayer_emit_event "assayer.audit.started" '{"audit_id":"...","claim_count":3}'
+
+_ASSAYER_PLUGIN_NAME="assayer"
+
+_assayer_event_js_path() {
+	if [[ -n "${_ONLOOKER_EVENT_JS:-}" && -f "$_ONLOOKER_EVENT_JS" ]]; then
+		printf '%s' "$_ONLOOKER_EVENT_JS"
+		return 0
+	fi
+	local plugin_root="${CLAUDE_PLUGIN_ROOT:-}"
+	local candidates=(
+		"${plugin_root}/scripts/lib/onlooker-event.mjs"
+		"${plugin_root}/../../scripts/lib/onlooker-event.mjs"
+	)
+	local c
+	for c in "${candidates[@]}"; do
+		[[ -f "$c" ]] && {
+			printf '%s' "$c"
+			return 0
+		}
+	done
+	return 1
+}
+
+_assayer_session_id() {
+	if [[ -n "${_HOOK_SESSION_ID:-}" ]]; then
+		printf '%s' "$_HOOK_SESSION_ID"
+		return 0
+	fi
+	if [[ -n "${CLAUDE_SESSION_ID:-}" ]]; then
+		printf '%s' "$CLAUDE_SESSION_ID"
+		return 0
+	fi
+	printf 'unknown'
+}
+
+# Emit a single assayer.* event. Returns 0 on success, non-zero on failure.
+assayer_emit_event() {
+	local event_type="${1:-}"
+	local payload="${2:-}"
+
+	[[ -z "$event_type" || -z "$payload" ]] && return 1
+
+	local event_js
+	event_js=$(_assayer_event_js_path) || {
+		printf 'assayer-events: cannot locate onlooker-event.mjs\n' >&2
+		return 1
+	}
+
+	local session_id
+	session_id=$(_assayer_session_id)
+
+	local params
+	params=$(jq -n \
+		--arg plugin "$_ASSAYER_PLUGIN_NAME" \
+		--arg sid "$session_id" \
+		--arg type "$event_type" \
+		--argjson payload "$payload" \
+		'{plugin: $plugin, session_id: $sid, event_type: $type, payload: $payload}' \
+		2>/dev/null) || return 1
+
+	local event stderr_file
+	stderr_file=$(mktemp -t assayer-event-err.XXXXXX 2>/dev/null) || stderr_file="/tmp/assayer-event-err.$$"
+	event=$(printf '%s' "$params" \
+		| ONLOOKER_DIR="${ONLOOKER_DIR:-$HOME/.onlooker}" \
+			ONLOOKER_PLUGIN_NAME="$_ASSAYER_PLUGIN_NAME" \
+			node "$event_js" emit 2>"$stderr_file") || {
+		printf 'assayer_emit_event: schema validation failed for %s\n' "$event_type" >&2
+		[[ -s "$stderr_file" ]] && cat "$stderr_file" >&2
+		rm -f "$stderr_file"
+		return 1
+	}
+	rm -f "$stderr_file"
+
+	local log_path="${ONLOOKER_EVENTS_LOG:-${ONLOOKER_DIR:-$HOME/.onlooker}/logs/onlooker-events.jsonl}"
+	mkdir -p "$(dirname "$log_path")" 2>/dev/null || return 1
+	printf '%s\n' "$event" >>"$log_path"
+}

package/plugins/assayer/scripts/lib/assayer-extract.sh

@@ -0,0 +1,87 @@
+#!/usr/bin/env bash
+# Claim extraction for Assayer.
+#
+# The language-understanding half of the plugin: an LLM reads the agent's
+# final message and pulls out *testable success claims* — assertions that some
+# command or check succeeded ("I ran the tests, they pass", "the build is
+# green", "lint is clean"). Each claim is tagged with a type and a
+# command_keyword that the deterministic verifier (assayer-verify.sh) uses to
+# locate the command that would corroborate or contradict it.
+#
+# The LLM does not judge truth — it only identifies claims and what command
+# would settle them. The factual cross-check is pure bash, so it stays
+# deterministic and testable.
+
+# Write the extraction prompt for a final assistant message to stdout.
+#   $1 — final assistant message text
+#   $2 — max_claims
+assayer_build_extraction_prompt() {
+	local message="${1:-}"
+	local max_claims="${2:-12}"
+
+	printf '%s\n' 'You are auditing an AI coding agent'"'"'s final message to its user.'
+	printf '%s\n' 'Extract every TESTABLE SUCCESS CLAIM: a statement asserting that a command,'
+	printf '%s\n' 'test, build, lint, or type check was run and SUCCEEDED. Ignore plans, intentions,'
+	printf '%s\n' 'hedged statements ("should pass"), and claims about code that no shell command'
+	printf '%s\n' 'could confirm.'
+	printf '\n'
+	printf '%s\n' 'Return JSON only — no prose, no markdown fences. A JSON array, possibly empty:'
+	printf '%s\n' '['
+	printf '%s\n' '  {'
+	printf '%s\n' '    "text": "the exact claim, quoted from the message",'
+	printf '%s\n' '    "type": "tests_pass|build_succeeds|lint_clean|types_check|command_succeeds|generic",'
+	printf '%s\n' '    "command_keyword": "a lowercase substring you expect in the verifying shell command, e.g. test, build, lint, tsc",'
+	printf '%s\n' '    "confidence": 0.0..1.0'
+	printf '%s\n' '  }'
+	printf '%s\n' ']'
+	printf '\n'
+	printf '%s\n' "Extract at most ${max_claims} claims, highest-confidence first."
+	printf '\n'
+	printf '%s\n' '---AGENT FINAL MESSAGE---'
+	printf '%s\n' "$message"
+	printf '%s\n' '---END MESSAGE---'
+}
+
+# Parse a claude -p response into a clean JSON array of claims.
+# Strips markdown fences, validates it is a JSON array, and drops malformed
+# entries. Echoes a compact JSON array (or "[]").
+#   $1 — raw response text
+assayer_parse_claims() {
+	local raw="${1:-}"
+	[[ -z "$raw" ]] && {
+		printf '[]'
+		return 0
+	}
+
+	# Strip leading/trailing markdown fences if present.
+	local clean
+	clean=$(printf '%s' "$raw" | sed -e 's/^```json//' -e 's/^```//' -e 's/```$//')
+
+	# Validate as a JSON array; keep only well-formed claim objects with a
+	# non-empty text and a recognized type.
+	local parsed
+	parsed=$(printf '%s' "$clean" | jq -c '
+		if type == "array" then
+			[ .[]
+			  | select(type == "object")
+			  | select((.text // "") != "")
+			  | {
+				  text: .text,
+				  type: (
+					if (.type // "") | test("^(tests_pass|build_succeeds|lint_clean|types_check|command_succeeds|generic)$")
+					then .type else "generic" end
+				  ),
+				  command_keyword: ((.command_keyword // "") | ascii_downcase),
+				  confidence: (
+					if (.confidence | type) == "number" then .confidence else 0.6 end
+				  )
+				}
+			]
+		else
+			[]
+		end
+	' 2>/dev/null) || parsed="[]"
+
+	[[ -z "$parsed" || "$parsed" == "null" ]] && parsed="[]"
+	printf '%s' "$parsed"
+}

package/plugins/assayer/scripts/lib/assayer-project-key.sh

@@ -0,0 +1,69 @@
+#!/usr/bin/env bash
+# Project key derivation for Assayer.
+# Mirrors echo/archivist/tribunal: stable 12-char hex key derived from the git
+# remote or repo root, surviving renames, clones, and worktrees.
+
+_assayer_sha256_first12() {
+	local input="$1"
+	if command -v shasum >/dev/null 2>&1; then
+		printf '%s' "$input" | shasum -a 256 2>/dev/null | cut -c1-12
+	elif command -v sha256sum >/dev/null 2>&1; then
+		printf '%s' "$input" | sha256sum 2>/dev/null | cut -c1-12
+	else
+		return 1
+	fi
+}
+
+assayer_project_remote_url() {
+	local cwd="${1:-}"
+	[[ -z "$cwd" || ! -d "$cwd" ]] && return 0
+	git -C "$cwd" remote get-url origin 2>/dev/null || true
+}
+
+assayer_project_repo_root() {
+	local cwd="${1:-}"
+	[[ -z "$cwd" || ! -d "$cwd" ]] && return 0
+
+	if ! git -C "$cwd" rev-parse --is-inside-work-tree >/dev/null 2>&1; then
+		return 0
+	fi
+
+	local common_dir toplevel
+	common_dir=$(git -C "$cwd" rev-parse --git-common-dir 2>/dev/null) || return 0
+
+	if [[ -n "$common_dir" && "$common_dir" != /* ]]; then
+		common_dir="$(cd "$cwd" && cd "$common_dir" 2>/dev/null && pwd -P)" || common_dir=""
+	fi
+
+	if [[ -n "$common_dir" && -d "$common_dir" ]]; then
+		toplevel="$(cd "$common_dir/.." 2>/dev/null && pwd -P)" || toplevel=""
+	fi
+
+	if [[ -z "$toplevel" ]]; then
+		toplevel=$(git -C "$cwd" rev-parse --show-toplevel 2>/dev/null || true)
+		[[ -n "$toplevel" ]] && toplevel="$(cd "$toplevel" 2>/dev/null && pwd -P)"
+	fi
+
+	printf '%s' "$toplevel"
+}
+
+assayer_project_key() {
+	local cwd="${1:-}"
+	[[ -z "$cwd" ]] && cwd="$(pwd)"
+
+	local remote
+	remote=$(assayer_project_remote_url "$cwd")
+	if [[ -n "$remote" ]]; then
+		_assayer_sha256_first12 "remote:$remote"
+		return 0
+	fi
+
+	local root
+	root=$(assayer_project_repo_root "$cwd")
+	if [[ -n "$root" ]]; then
+		_assayer_sha256_first12 "root:$root"
+		return 0
+	fi
+
+	return 0
+}

package/plugins/assayer/scripts/lib/assayer-transcript.sh

@@ -0,0 +1,99 @@
+#!/usr/bin/env bash
+# Transcript reader for Assayer.
+#
+# The Stop hook payload carries `transcript_path` — a JSONL file already
+# committed to disk before Stop fires (same field tribunal and compass read).
+# Assayer needs two things from it:
+#
+#   1. The final assistant message — the text the agent left the user with,
+#      where claims like "I ran the tests, they pass" live.
+#   2. The session's Bash commands paired with their result status — the
+#      factual record to check those claims against.
+#
+# Claude Code transcripts represent a Bash invocation as a `tool_use` block
+# (name "Bash", with `.input.command`) on an assistant line, and its outcome
+# as a `tool_result` block on a following user line carrying the same
+# `tool_use_id` and an `is_error` flag. There is no per-call numeric exit code
+# in the transcript, so `is_error` is the success/failure signal.
+
+# Echo the final assistant message text (text blocks of the last assistant
+# turn that contains any), truncated to max_chars. Empty if unavailable.
+#   $1 — transcript_path
+#   $2 — max_chars (default 6000)
+assayer_final_assistant_message() {
+	local transcript_path="${1:-}"
+	local max_chars="${2:-6000}"
+
+	[[ -f "$transcript_path" ]] || return 0
+
+	local text
+	text=$(jq -s -r '
+		[ .[]
+		  | select(.type == "assistant")
+		  | select(any(.message.content[]?; .type == "text"))
+		]
+		| last
+		| if . == null then ""
+		  else [ .message.content[]? | select(.type == "text") | .text ] | join("\n")
+		  end
+	' "$transcript_path" 2>/dev/null) || text=""
+
+	[[ -z "$text" ]] && return 0
+	printf '%s' "${text:0:$max_chars}"
+}
+
+# Echo a JSON array of the session's Bash commands paired with result status:
+#   [ { "command": "...", "is_error": true|false, "excerpt": "..." }, ... ]
+# Ordered as they appear in the transcript. `is_error` is false when the
+# matching tool_result is absent or its is_error flag is not true.
+#   $1 — transcript_path
+assayer_collect_commands() {
+	local transcript_path="${1:-}"
+
+	[[ -f "$transcript_path" ]] || {
+		printf '[]'
+		return 0
+	}
+
+	local out
+	out=$(jq -s -c '
+		(
+			[ .[]
+			  | select(.type == "assistant")
+			  | .message.content[]?
+			  | select(.type == "tool_use" and .name == "Bash")
+			  | { id: .id, command: (.input.command // "") }
+			]
+		) as $calls
+		|
+		(
+			[ .[]
+			  | select(.type == "user")
+			  | .message.content[]?
+			  | select(.type == "tool_result")
+			  | {
+				  id: .tool_use_id,
+				  is_error: (.is_error == true),
+				  excerpt: (
+					if (.content | type) == "string" then .content
+					elif (.content | type) == "array" then
+					  ([ .content[]? | select(.type == "text") | .text ] | join("\n"))
+					else "" end
+				  )
+				}
+			]
+		) as $results
+		|
+		[ $calls[]
+		  | . as $c
+		  | {
+			  command: $c.command,
+			  is_error: (first($results[] | select(.id == $c.id) | .is_error) // false),
+			  excerpt: ((first($results[] | select(.id == $c.id) | .excerpt) // "")[0:240])
+			}
+		]
+	' "$transcript_path" 2>/dev/null) || out=""
+
+	[[ -z "$out" || "$out" == "null" ]] && out="[]"
+	printf '%s' "$out"
+}

package/plugins/assayer/scripts/lib/assayer-ulid.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+# Minimal ULID generator for Assayer audit_id values.
+# Crockford Base32, lexicographically sortable, time-ordered.
+
+_ASSAYER_ULID_ALPHABET="0123456789ABCDEFGHJKMNPQRSTVWXYZ"
+
+_assayer_ulid_encode() {
+	local n="$1"
+	local len="$2"
+	local out=""
+	local i
+	for ((i = 0; i < len; i++)); do
+		out="${_ASSAYER_ULID_ALPHABET:$((n % 32)):1}${out}"
+		n=$((n / 32))
+	done
+	printf '%s' "$out"
+}
+
+assayer_ulid() {
+	local now_ms
+	if [[ "$(uname)" == "Darwin" ]]; then
+		now_ms=$(python3 -c 'import time; print(int(time.time() * 1000))' 2>/dev/null) \
+			|| now_ms=$(($(date +%s) * 1000))
+	else
+		now_ms=$(date +%s%3N 2>/dev/null) || now_ms=$(($(date +%s) * 1000))
+	fi
+
+	local rand_hex rand_hi rand_lo
+	rand_hex=$(openssl rand -hex 10 2>/dev/null)
+	if [[ -n "$rand_hex" && ${#rand_hex} -eq 20 ]]; then
+		rand_hi=$((16#${rand_hex:0:10}))
+		rand_lo=$((16#${rand_hex:10:10}))
+	else
+		rand_hi=$((RANDOM * 32768 + RANDOM))
+		rand_lo=$((RANDOM * 32768 + RANDOM))
+		rand_hi=$(((rand_hi * 256 + RANDOM % 256) & ((1 << 40) - 1)))
+		rand_lo=$(((rand_lo * 256 + RANDOM % 256) & ((1 << 40) - 1)))
+	fi
+
+	local ts_part hi_part lo_part
+	ts_part=$(_assayer_ulid_encode "$now_ms" 10)
+	hi_part=$(_assayer_ulid_encode "$rand_hi" 8)
+	lo_part=$(_assayer_ulid_encode "$rand_lo" 8)
+
+	printf '%s%s%s' "$ts_part" "$hi_part" "$lo_part"
+}

package/plugins/assayer/scripts/lib/assayer-verify.sh

@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+# Claim verification for Assayer.
+#
+# The deterministic half: given a claim (with a type and command_keyword) and
+# the session's Bash commands paired with their is_error status, locate the
+# command that would settle the claim and classify it. No LLM, no randomness —
+# the same inputs always produce the same verdict.
+#
+# Matching: a claim type implies keywords (tests_pass -> "test", build_succeeds
+# -> "build", ...); the LLM-supplied command_keyword is added. The MOST RECENT
+# command containing any keyword wins, because an agent may fix and re-run, and
+# the last run reflects the final state the claim describes.
+#
+# Verdicts:
+#   corroborated  — matching command succeeded (is_error false)
+#   contradicted  — matching command failed (is_error true)
+#   unverified    — no matching command (reason no_matching_command), or the
+#                   claim implies no checkable command (reason ambiguous)
+
+# Classify a single claim against the collected commands.
+# Echoes a JSON object: { verdict, evidence_command?, is_error?, excerpt?, reason? }
+#   $1 — claim JSON object
+#   $2 — commands JSON array (from assayer_collect_commands)
+assayer_classify_claim() {
+	local claim="${1:-}"
+	local commands="${2:-[]}"
+
+	[[ -z "$claim" ]] && {
+		printf '{"verdict":"unverified","reason":"ambiguous"}'
+		return 0
+	}
+	[[ -z "$commands" || "$commands" == "null" ]] && commands="[]"
+
+	local result
+	result=$(jq -n \
+		--argjson claim "$claim" \
+		--argjson commands "$commands" '
+		def keywords:
+			($claim.type // "generic") as $t
+			| ( if $t == "tests_pass" then ["test"]
+				elif $t == "build_succeeds" then ["build"]
+				elif $t == "lint_clean" then ["lint"]
+				elif $t == "types_check" then ["tsc", "typecheck", "type-check", "types"]
+				else [] end ) as $base
+			| ($base + (if (($claim.command_keyword // "") | length) > 0 then [$claim.command_keyword] else [] end))
+			| map(ascii_downcase) | map(select(. != "")) | unique;
+
+		keywords as $kw
+		| if ($kw | length) == 0 then
+			{ verdict: "unverified", reason: "ambiguous" }
+		  else
+			[ $commands[]
+			  | . as $c
+			  | select(($c.command | ascii_downcase) as $cmd | any($kw[]; . as $k | $cmd | contains($k)))
+			] as $matches
+			| if ($matches | length) == 0 then
+				{ verdict: "unverified", reason: "no_matching_command" }
+			  else
+				($matches | last) as $m
+				| {
+					verdict: (if $m.is_error then "contradicted" else "corroborated" end),
+					evidence_command: $m.command,
+					is_error: $m.is_error,
+					excerpt: ($m.excerpt // "")
+				  }
+			  end
+		  end
+	' 2>/dev/null) || result=""
+
+	[[ -z "$result" || "$result" == "null" ]] && result='{"verdict":"unverified","reason":"ambiguous"}'
+	printf '%s' "$result"
+}
+
+# Derive the overall audit verdict from the three counts.
+#   $1 — contradicted count
+#   $2 — corroborated count
+#   $3 — unverified count
+assayer_audit_verdict() {
+	local contradicted="${1:-0}"
+	local corroborated="${2:-0}"
+	local unverified="${3:-0}"
+
+	if [[ "$contradicted" -gt 0 ]]; then
+		printf 'contradictions_found'
+	elif [[ "$corroborated" -gt 0 ]]; then
+		printf 'clean'
+	else
+		# No contradictions and nothing corroborated — only unverified (or none).
+		if [[ "$unverified" -gt 0 ]]; then
+			printf 'clean'
+		else
+			printf 'nothing_to_verify'
+		fi
+	fi
+}

package/release-please-config.json

@@ -206,6 +206,22 @@
           "jsonpath": "$.version"
         }
       ]
+    },
+    "plugins/assayer": {
+      "changelog-path": "CHANGELOG.md",
+      "release-type": "simple",
+      "bump-minor-pre-major": true,
+      "bump-patch-for-minor-pre-major": false,
+      "component": "assayer",
+      "draft": false,
+      "prerelease": false,
+      "extra-files": [
+        {
+          "type": "json",
+          "path": ".claude-plugin/plugin.json",
+          "jsonpath": "$.version"
+        }
+      ]
     }
   },
   "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"

package/test/bats/assayer-config.bats

@@ -0,0 +1,60 @@
+#!/usr/bin/env bats
+
+# Exercises Assayer config loading: defaults and per-project overrides.
+
+setup() {
+	source "${BATS_TEST_DIRNAME}/../helpers/setup.bash"
+	setup_test_env
+	PLUGIN_ROOT="${REPO_ROOT}/plugins/assayer"
+	export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
+	# shellcheck disable=SC1091
+	source "${PLUGIN_ROOT}/scripts/lib/assayer-config.sh"
+
+	REPO="${BATS_TEST_TMPDIR}/repo"
+	mkdir -p "${REPO}/.claude"
+}
+
+@test "disabled by default (no settings)" {
+	assayer_config_load "$REPO"
+	run assayer_config_enabled
+	[ "$status" -ne 0 ]
+}
+
+@test "enabled when settings opt in" {
+	printf '%s\n' '{"assayer":{"enabled":true}}' >"${REPO}/.claude/settings.json"
+	assayer_config_load "$REPO"
+	run assayer_config_enabled
+	[ "$status" -eq 0 ]
+}
+
+@test "default model is haiku" {
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_model)" = "claude-haiku-4-5-20251001" ]
+}
+
+@test "model override is honored" {
+	printf '%s\n' '{"assayer":{"evaluation":{"model":"claude-opus-4-8"}}}' >"${REPO}/.claude/settings.json"
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_model)" = "claude-opus-4-8" ]
+}
+
+@test "default max_claims is 12" {
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_max_claims)" = "12" ]
+}
+
+@test "default min_confidence is 0.5" {
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_min_confidence)" = "0.5" ]
+}
+
+@test "min_confidence override is honored" {
+	printf '%s\n' '{"assayer":{"min_confidence":0.8}}' >"${REPO}/.claude/settings.json"
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_min_confidence)" = "0.8" ]
+}
+
+@test "default timeout is 60" {
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_timeout)" = "60" ]
+}