@onlooker-community/ecosystem 0.24.0 → 0.25.1

package/plugins/assayer/scripts/lib/assayer-ulid.sh

@@ -0,0 +1,46 @@
+#!/usr/bin/env bash
+# Minimal ULID generator for Assayer audit_id values.
+# Crockford Base32, lexicographically sortable, time-ordered.
+
+_ASSAYER_ULID_ALPHABET="0123456789ABCDEFGHJKMNPQRSTVWXYZ"
+
+_assayer_ulid_encode() {
+	local n="$1"
+	local len="$2"
+	local out=""
+	local i
+	for ((i = 0; i < len; i++)); do
+		out="${_ASSAYER_ULID_ALPHABET:$((n % 32)):1}${out}"
+		n=$((n / 32))
+	done
+	printf '%s' "$out"
+}
+
+assayer_ulid() {
+	local now_ms
+	if [[ "$(uname)" == "Darwin" ]]; then
+		now_ms=$(python3 -c 'import time; print(int(time.time() * 1000))' 2>/dev/null) \
+			|| now_ms=$(($(date +%s) * 1000))
+	else
+		now_ms=$(date +%s%3N 2>/dev/null) || now_ms=$(($(date +%s) * 1000))
+	fi
+
+	local rand_hex rand_hi rand_lo
+	rand_hex=$(openssl rand -hex 10 2>/dev/null)
+	if [[ -n "$rand_hex" && ${#rand_hex} -eq 20 ]]; then
+		rand_hi=$((16#${rand_hex:0:10}))
+		rand_lo=$((16#${rand_hex:10:10}))
+	else
+		rand_hi=$((RANDOM * 32768 + RANDOM))
+		rand_lo=$((RANDOM * 32768 + RANDOM))
+		rand_hi=$(((rand_hi * 256 + RANDOM % 256) & ((1 << 40) - 1)))
+		rand_lo=$(((rand_lo * 256 + RANDOM % 256) & ((1 << 40) - 1)))
+	fi
+
+	local ts_part hi_part lo_part
+	ts_part=$(_assayer_ulid_encode "$now_ms" 10)
+	hi_part=$(_assayer_ulid_encode "$rand_hi" 8)
+	lo_part=$(_assayer_ulid_encode "$rand_lo" 8)
+
+	printf '%s%s%s' "$ts_part" "$hi_part" "$lo_part"
+}

package/plugins/assayer/scripts/lib/assayer-verify.sh

@@ -0,0 +1,95 @@
+#!/usr/bin/env bash
+# Claim verification for Assayer.
+#
+# The deterministic half: given a claim (with a type and command_keyword) and
+# the session's Bash commands paired with their is_error status, locate the
+# command that would settle the claim and classify it. No LLM, no randomness —
+# the same inputs always produce the same verdict.
+#
+# Matching: a claim type implies keywords (tests_pass -> "test", build_succeeds
+# -> "build", ...); the LLM-supplied command_keyword is added. The MOST RECENT
+# command containing any keyword wins, because an agent may fix and re-run, and
+# the last run reflects the final state the claim describes.
+#
+# Verdicts:
+#   corroborated  — matching command succeeded (is_error false)
+#   contradicted  — matching command failed (is_error true)
+#   unverified    — no matching command (reason no_matching_command), or the
+#                   claim implies no checkable command (reason ambiguous)
+
+# Classify a single claim against the collected commands.
+# Echoes a JSON object: { verdict, evidence_command?, is_error?, excerpt?, reason? }
+#   $1 — claim JSON object
+#   $2 — commands JSON array (from assayer_collect_commands)
+assayer_classify_claim() {
+	local claim="${1:-}"
+	local commands="${2:-[]}"
+
+	[[ -z "$claim" ]] && {
+		printf '{"verdict":"unverified","reason":"ambiguous"}'
+		return 0
+	}
+	[[ -z "$commands" || "$commands" == "null" ]] && commands="[]"
+
+	local result
+	result=$(jq -n \
+		--argjson claim "$claim" \
+		--argjson commands "$commands" '
+		def keywords:
+			($claim.type // "generic") as $t
+			| ( if $t == "tests_pass" then ["test"]
+				elif $t == "build_succeeds" then ["build"]
+				elif $t == "lint_clean" then ["lint"]
+				elif $t == "types_check" then ["tsc", "typecheck", "type-check", "types"]
+				else [] end ) as $base
+			| ($base + (if (($claim.command_keyword // "") | length) > 0 then [$claim.command_keyword] else [] end))
+			| map(ascii_downcase) | map(select(. != "")) | unique;
+
+		keywords as $kw
+		| if ($kw | length) == 0 then
+			{ verdict: "unverified", reason: "ambiguous" }
+		  else
+			[ $commands[]
+			  | . as $c
+			  | select(($c.command | ascii_downcase) as $cmd | any($kw[]; . as $k | $cmd | contains($k)))
+			] as $matches
+			| if ($matches | length) == 0 then
+				{ verdict: "unverified", reason: "no_matching_command" }
+			  else
+				($matches | last) as $m
+				| {
+					verdict: (if $m.is_error then "contradicted" else "corroborated" end),
+					evidence_command: $m.command,
+					is_error: $m.is_error,
+					excerpt: ($m.excerpt // "")
+				  }
+			  end
+		  end
+	' 2>/dev/null) || result=""
+
+	[[ -z "$result" || "$result" == "null" ]] && result='{"verdict":"unverified","reason":"ambiguous"}'
+	printf '%s' "$result"
+}
+
+# Derive the overall audit verdict from the three counts.
+#   $1 — contradicted count
+#   $2 — corroborated count
+#   $3 — unverified count
+assayer_audit_verdict() {
+	local contradicted="${1:-0}"
+	local corroborated="${2:-0}"
+	local unverified="${3:-0}"
+
+	if [[ "$contradicted" -gt 0 ]]; then
+		printf 'contradictions_found'
+	elif [[ "$corroborated" -gt 0 ]]; then
+		printf 'clean'
+	else
+		# No contradictions and nothing corroborated — only unverified (or none).
+		if [[ "$unverified" -gt 0 ]]; then
+			printf 'clean'
+		else
+			printf 'nothing_to_verify'
+		fi
+	fi
+}

package/plugins/cartographer/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "cartographer",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Proactive periodic auditor of the persistent instruction layer (CLAUDE.md, AGENTS.md, .claude/rules/). Discovers all instruction files in the repo, extracts semantic maps, and surfaces contradictions, shadowing, gaps, and drift before they cause expensive agent misbehavior. Builds on the Onlooker ecosystem plugin.",
   "author": {
     "name": "Onlooker Community",

package/plugins/cartographer/CHANGELOG.md

@@ -2,6 +2,13 @@
 
 All notable changes to the Cartographer plugin are documented here.
 
+## [0.2.1](https://github.com/onlooker-community/ecosystem/compare/cartographer-v0.2.0...cartographer-v0.2.1) (2026-06-10)
+
+
+### Bug Fixes
+
+* vendor portable-lock.sh into cartographer and governor ([#73](https://github.com/onlooker-community/ecosystem/issues/73)) ([ab2c354](https://github.com/onlooker-community/ecosystem/commit/ab2c354b131c26cc642ebb51e84a043dc43cbaa1))
+
 ## [0.2.0](https://github.com/onlooker-community/ecosystem/compare/cartographer-v0.1.0...cartographer-v0.2.0) (2026-05-25)
 
 

package/plugins/cartographer/scripts/lib/cartographer-lock.sh

@@ -9,17 +9,27 @@
 #   cartographer_lock_acquire <lock_file>   # returns 0=acquired, 1=timeout
 #   cartographer_lock_release <lock_file>
 
-_CARTOGRAPHER_LOCK_LIB="$(cd "$(dirname "${BASH_SOURCE[0]}")/../../../../scripts/lib" && pwd)/portable-lock.sh"
+# portable-lock.sh is vendored into this plugin's lib dir (a sibling of this
+# file) so cartographer stays self-contained when installed standalone from
+# the marketplace, where the ecosystem repo's top-level scripts/lib/ is absent.
+_CARTOGRAPHER_LOCK_LIB="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/portable-lock.sh"
 
-if [[ ! -f "$_CARTOGRAPHER_LOCK_LIB" ]]; then
-	printf '[cartographer-lock] ERROR: portable-lock.sh not found at %s\n' \
+if [[ -f "$_CARTOGRAPHER_LOCK_LIB" ]]; then
+	# shellcheck source=./portable-lock.sh
+	source "$_CARTOGRAPHER_LOCK_LIB"
+else
+	# The vendored lock should always be present, but if an unexpected
+	# packaging or path issue removes it we must degrade gracefully: the
+	# cartographer hooks are fail-soft and contractually exit 0, so a hard
+	# exit here would crash a session this plugin was only meant to observe.
+	# Define a primitive that always fails to acquire, so the hooks'
+	# `cartographer_lock_acquire ... || exit 0` skips the audit instead.
+	printf '[cartographer-lock] WARN: portable-lock.sh not found at %s; locking disabled, skipping audit\n' \
 		"$_CARTOGRAPHER_LOCK_LIB" >&2
-	exit 1
+	lock_acquire() { return 1; }
+	lock_release() { return 0; }
 fi
 
-# shellcheck source=../../../../scripts/lib/portable-lock.sh
-source "$_CARTOGRAPHER_LOCK_LIB"
-
 cartographer_lock_acquire() {
 	local lock_file="${1:?lock_file required}"
 	mkdir -p "$(dirname "$lock_file")" 2>/dev/null || true

package/plugins/cartographer/scripts/lib/portable-lock.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+# portable-lock.sh — vendored copy of the ecosystem substrate's portable lock.
+#
+# Vendored into the cartographer plugin so the plugin is self-contained when
+# installed standalone from the marketplace: the cache layout
+# (~/.claude/plugins/cache/<owner>/cartographer/<version>/) does not include
+# the ecosystem repo's top-level scripts/lib/, so reaching up to it breaks.
+# This mirrors the per-plugin vendoring of cartographer-ulid.sh and friends.
+# Keep in sync with scripts/lib/portable-lock.sh at the repo root.
+#
+# Portable advisory file locking via mkdir() atomicity.
+#
+# Replaces flock(1), which ships with util-linux on Linux but is not present
+# in stock macOS. This matters because the Onlooker hooks run on user
+# machines, not just in CI: a macOS user without util-linux would otherwise
+# see concurrent writes to $ONLOOKER_DIR silently clobber each other.
+#
+# mkdir() is atomic on POSIX local filesystems, which is the only place
+# $ONLOOKER_DIR ever lives. Network filesystems (NFS) do not guarantee
+# atomicity, but Claude Code state is local-only.
+#
+# Usage:
+#   lock_acquire "/path/to/file.lock" [timeout_seconds=5]
+#   # ... critical section ...
+#   lock_release "/path/to/file.lock"
+#
+# Avoid associative arrays so bash 3.2 (macOS default) keeps working.
+
+# Acquire an exclusive lock at LOCKPATH. Returns 0 on success, 1 on timeout.
+lock_acquire() {
+	local lockpath="${1:-}"
+	local timeout="${2:-5}"
+	[[ -z "$lockpath" ]] && return 1
+
+	local lockdir="${lockpath}.d"
+	local waited=0
+	# Poll at 10 Hz so a 5s timeout = 50 attempts.
+	local max_iter=$((timeout * 10))
+	while ! mkdir "$lockdir" 2>/dev/null; do
+		if ((waited >= max_iter)); then
+			return 1
+		fi
+		# `sleep 0.1` works on Linux + macOS; the `|| sleep 1` is a paranoid
+		# fallback for embedded shells that only accept integer seconds.
+		sleep 0.1 2>/dev/null || sleep 1
+		waited=$((waited + 1))
+	done
+	return 0
+}
+
+# Release the lock previously acquired for LOCKPATH. Safe to call when the
+# lock is not held (no-op in that case).
+lock_release() {
+	local lockpath="${1:-}"
+	[[ -z "$lockpath" ]] && return 0
+	rmdir "${lockpath}.d" 2>/dev/null || true
+}

package/plugins/governor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "governor",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Resource governance and budget enforcement for the Onlooker ecosystem. Tracks per-session token and cost spend, gates Task spawns before they exceed a configurable budget ceiling, and emits governor.* events for audit. Named for the steam-engine governor — a device that regulates output. Builds on the Onlooker ecosystem plugin.",
   "author": {
     "name": "Onlooker Community",

package/plugins/governor/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [0.2.1](https://github.com/onlooker-community/ecosystem/compare/governor-v0.2.0...governor-v0.2.1) (2026-06-10)
+
+
+### Bug Fixes
+
+* vendor portable-lock.sh into cartographer and governor ([#73](https://github.com/onlooker-community/ecosystem/issues/73)) ([ab2c354](https://github.com/onlooker-community/ecosystem/commit/ab2c354b131c26cc642ebb51e84a043dc43cbaa1))
+
 ## [0.2.0](https://github.com/onlooker-community/ecosystem/compare/governor-v0.1.0...governor-v0.2.0) (2026-05-26)
 
 

package/plugins/governor/scripts/hooks/governor-post-tool-use.sh

@@ -24,12 +24,16 @@ fi
 if [[ -n "$_ECOSYSTEM_ROOT" && -f "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh" ]]; then
 	# shellcheck disable=SC1091
 	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh"
-	# shellcheck disable=SC1091
-	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/portable-lock.sh"
 fi
 
 export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
 
+# portable-lock.sh is vendored into this plugin's lib dir so the ledger's
+# atomic appends keep working when governor is installed standalone, where the
+# ecosystem repo's top-level scripts/lib/ is absent from the plugin cache.
+# shellcheck source=../lib/portable-lock.sh
+source "${PLUGIN_ROOT}/scripts/lib/portable-lock.sh"
+
 # shellcheck source=../lib/governor-config.sh
 source "${PLUGIN_ROOT}/scripts/lib/governor-config.sh"
 # shellcheck source=../lib/governor-events.sh

package/plugins/governor/scripts/hooks/governor-pre-tool-use.sh

@@ -36,12 +36,16 @@ fi
 if [[ -n "$_ECOSYSTEM_ROOT" && -f "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh" ]]; then
 	# shellcheck disable=SC1091
 	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh"
-	# shellcheck disable=SC1091
-	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/portable-lock.sh"
 fi
 
 export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
 
+# portable-lock.sh is vendored into this plugin's lib dir so the ledger's
+# atomic appends keep working when governor is installed standalone, where the
+# ecosystem repo's top-level scripts/lib/ is absent from the plugin cache.
+# shellcheck source=../lib/portable-lock.sh
+source "${PLUGIN_ROOT}/scripts/lib/portable-lock.sh"
+
 # shellcheck source=../lib/governor-config.sh
 source "${PLUGIN_ROOT}/scripts/lib/governor-config.sh"
 # shellcheck source=../lib/governor-events.sh

package/plugins/governor/scripts/hooks/governor-session-start.sh

@@ -28,12 +28,16 @@ fi
 if [[ -n "$_ECOSYSTEM_ROOT" && -f "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh" ]]; then
 	# shellcheck disable=SC1091
 	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh"
-	# shellcheck disable=SC1091
-	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/portable-lock.sh"
 fi
 
 export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
 
+# portable-lock.sh is vendored into this plugin's lib dir so the ledger's
+# atomic appends keep working when governor is installed standalone, where the
+# ecosystem repo's top-level scripts/lib/ is absent from the plugin cache.
+# shellcheck source=../lib/portable-lock.sh
+source "${PLUGIN_ROOT}/scripts/lib/portable-lock.sh"
+
 # shellcheck source=../lib/governor-config.sh
 source "${PLUGIN_ROOT}/scripts/lib/governor-config.sh"
 # shellcheck source=../lib/governor-events.sh

package/plugins/governor/scripts/hooks/governor-stop.sh

@@ -25,12 +25,16 @@ fi
 if [[ -n "$_ECOSYSTEM_ROOT" && -f "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh" ]]; then
 	# shellcheck disable=SC1091
 	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh"
-	# shellcheck disable=SC1091
-	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/portable-lock.sh"
 fi
 
 export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
 
+# portable-lock.sh is vendored into this plugin's lib dir so the ledger's
+# atomic appends keep working when governor is installed standalone, where the
+# ecosystem repo's top-level scripts/lib/ is absent from the plugin cache.
+# shellcheck source=../lib/portable-lock.sh
+source "${PLUGIN_ROOT}/scripts/lib/portable-lock.sh"
+
 # shellcheck source=../lib/governor-config.sh
 source "${PLUGIN_ROOT}/scripts/lib/governor-config.sh"
 # shellcheck source=../lib/governor-events.sh

package/plugins/governor/scripts/lib/portable-lock.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+# portable-lock.sh — vendored copy of the ecosystem substrate's portable lock.
+#
+# Vendored into the governor plugin so the ledger's atomic appends keep
+# working when governor is installed standalone from the marketplace: the
+# cache layout (~/.claude/plugins/cache/<owner>/governor/<version>/) does not
+# include the ecosystem repo's top-level scripts/lib/. Without a local copy,
+# lock_acquire would be undefined and governor_ledger_append would poison the
+# ledger after exhausting its retries. This mirrors the per-plugin vendoring
+# of governor-ulid.sh and friends.
+# Keep in sync with scripts/lib/portable-lock.sh at the repo root.
+#
+# Portable advisory file locking via mkdir() atomicity.
+#
+# Replaces flock(1), which ships with util-linux on Linux but is not present
+# in stock macOS. This matters because the Onlooker hooks run on user
+# machines, not just in CI: a macOS user without util-linux would otherwise
+# see concurrent writes to $ONLOOKER_DIR silently clobber each other.
+#
+# mkdir() is atomic on POSIX local filesystems, which is the only place
+# $ONLOOKER_DIR ever lives. Network filesystems (NFS) do not guarantee
+# atomicity, but Claude Code state is local-only.
+#
+# Usage:
+#   lock_acquire "/path/to/file.lock" [timeout_seconds=5]
+#   # ... critical section ...
+#   lock_release "/path/to/file.lock"
+#
+# Avoid associative arrays so bash 3.2 (macOS default) keeps working.
+
+# Acquire an exclusive lock at LOCKPATH. Returns 0 on success, 1 on timeout.
+lock_acquire() {
+	local lockpath="${1:-}"
+	local timeout="${2:-5}"
+	[[ -z "$lockpath" ]] && return 1
+
+	local lockdir="${lockpath}.d"
+	local waited=0
+	# Poll at 10 Hz so a 5s timeout = 50 attempts.
+	local max_iter=$((timeout * 10))
+	while ! mkdir "$lockdir" 2>/dev/null; do
+		if ((waited >= max_iter)); then
+			return 1
+		fi
+		# `sleep 0.1` works on Linux + macOS; the `|| sleep 1` is a paranoid
+		# fallback for embedded shells that only accept integer seconds.
+		sleep 0.1 2>/dev/null || sleep 1
+		waited=$((waited + 1))
+	done
+	return 0
+}
+
+# Release the lock previously acquired for LOCKPATH. Safe to call when the
+# lock is not held (no-op in that case).
+lock_release() {
+	local lockpath="${1:-}"
+	[[ -z "$lockpath" ]] && return 0
+	rmdir "${lockpath}.d" 2>/dev/null || true
+}

package/release-please-config.json

@@ -206,6 +206,22 @@
           "jsonpath": "$.version"
         }
       ]
+    },
+    "plugins/assayer": {
+      "changelog-path": "CHANGELOG.md",
+      "release-type": "simple",
+      "bump-minor-pre-major": true,
+      "bump-patch-for-minor-pre-major": false,
+      "component": "assayer",
+      "draft": false,
+      "prerelease": false,
+      "extra-files": [
+        {
+          "type": "json",
+          "path": ".claude-plugin/plugin.json",
+          "jsonpath": "$.version"
+        }
+      ]
     }
   },
   "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"

package/scripts/lib/portable-lock.sh

@@ -4,7 +4,7 @@
 # Replaces flock(1), which ships with util-linux on Linux but is not present
 # in stock macOS. This matters because the Onlooker hooks run on user
 # machines, not just in CI: a macOS user without util-linux would otherwise
-# see every PostToolUse history append silently fail.
+# see concurrent writes to $ONLOOKER_DIR silently clobber each other.
 #
 # mkdir() is atomic on POSIX local filesystems, which is the only place
 # $ONLOOKER_DIR ever lives. Network filesystems (NFS) do not guarantee

package/test/bats/assayer-config.bats

@@ -0,0 +1,60 @@
+#!/usr/bin/env bats
+
+# Exercises Assayer config loading: defaults and per-project overrides.
+
+setup() {
+	source "${BATS_TEST_DIRNAME}/../helpers/setup.bash"
+	setup_test_env
+	PLUGIN_ROOT="${REPO_ROOT}/plugins/assayer"
+	export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
+	# shellcheck disable=SC1091
+	source "${PLUGIN_ROOT}/scripts/lib/assayer-config.sh"
+
+	REPO="${BATS_TEST_TMPDIR}/repo"
+	mkdir -p "${REPO}/.claude"
+}
+
+@test "disabled by default (no settings)" {
+	assayer_config_load "$REPO"
+	run assayer_config_enabled
+	[ "$status" -ne 0 ]
+}
+
+@test "enabled when settings opt in" {
+	printf '%s\n' '{"assayer":{"enabled":true}}' >"${REPO}/.claude/settings.json"
+	assayer_config_load "$REPO"
+	run assayer_config_enabled
+	[ "$status" -eq 0 ]
+}
+
+@test "default model is haiku" {
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_model)" = "claude-haiku-4-5-20251001" ]
+}
+
+@test "model override is honored" {
+	printf '%s\n' '{"assayer":{"evaluation":{"model":"claude-opus-4-8"}}}' >"${REPO}/.claude/settings.json"
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_model)" = "claude-opus-4-8" ]
+}
+
+@test "default max_claims is 12" {
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_max_claims)" = "12" ]
+}
+
+@test "default min_confidence is 0.5" {
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_min_confidence)" = "0.5" ]
+}
+
+@test "min_confidence override is honored" {
+	printf '%s\n' '{"assayer":{"min_confidence":0.8}}' >"${REPO}/.claude/settings.json"
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_min_confidence)" = "0.8" ]
+}
+
+@test "default timeout is 60" {
+	assayer_config_load "$REPO"
+	[ "$(assayer_config_timeout)" = "60" ]
+}

package/test/bats/assayer-events.bats

@@ -0,0 +1,99 @@
+#!/usr/bin/env bats
+
+# Validates every emitted assayer.* event against @onlooker-community/schema.
+#
+# The assayer.* event types ship in @onlooker-community/schema; until the
+# installed version includes them, these tests skip rather than fail. Once the
+# ecosystem's schema dependency is bumped to a release that carries them, they
+# run for real. See plugins/assayer/README.md (Requirements).
+
+setup() {
+	source "${BATS_TEST_DIRNAME}/../helpers/setup.bash"
+	setup_test_env
+
+	PLUGIN_ROOT="${REPO_ROOT}/plugins/assayer"
+	export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
+	export ONLOOKER_EVENTS_LOG="${ONLOOKER_DIR}/logs/onlooker-events.jsonl"
+	mkdir -p "$(dirname "$ONLOOKER_EVENTS_LOG")"
+
+	export _ONLOOKER_EVENT_JS="${REPO_ROOT}/scripts/lib/onlooker-event.mjs"
+	export CLAUDE_SESSION_ID="bats-session-$$"
+
+	# shellcheck disable=SC1091
+	source "${PLUGIN_ROOT}/scripts/lib/assayer-events.sh"
+}
+
+# Skip when the installed schema predates the assayer.* event types.
+_require_assayer_schema() {
+	if ! grep -q "assayer.audit.started" \
+		"${REPO_ROOT}/node_modules/@onlooker-community/schema/schemas/event.v1.json" 2>/dev/null; then
+		skip "installed @onlooker-community/schema has no assayer.* types yet"
+	fi
+}
+
+_validate_latest_event() {
+	local last
+	last=$(tail -n 1 "$ONLOOKER_EVENTS_LOG")
+	[ -n "$last" ] || return 1
+	printf '%s' "$last" | ONLOOKER_DIR="$ONLOOKER_DIR" \
+		node "${REPO_ROOT}/scripts/lib/onlooker-event.mjs" validate >/dev/null
+}
+
+# Valid 26-char Crockford Base32 ULID (no I, L, O, or U).
+AUDIT_ID="01J0000000000000000000AB34"
+
+@test "assayer.audit.started validates" {
+	_require_assayer_schema
+	local p
+	p=$(jq -n --arg a "$AUDIT_ID" '{audit_id: $a, claim_count: 3, trigger: "stop", command_count: 5}')
+	assayer_emit_event "assayer.audit.started" "$p"
+	run _validate_latest_event
+	[ "$status" -eq 0 ]
+}
+
+@test "assayer.claim.contradicted validates" {
+	_require_assayer_schema
+	local p
+	p=$(jq -n --arg a "$AUDIT_ID" '{
+		audit_id: $a,
+		claim: "I ran the tests and they all pass.",
+		claim_type: "tests_pass",
+		evidence_command: "npm test",
+		result_excerpt: "1 failed, 32 passed",
+		confidence: 0.9
+	}')
+	assayer_emit_event "assayer.claim.contradicted" "$p"
+	run _validate_latest_event
+	[ "$status" -eq 0 ]
+}
+
+@test "assayer.claim.unverified validates" {
+	_require_assayer_schema
+	local p
+	p=$(jq -n --arg a "$AUDIT_ID" '{audit_id: $a, claim: "The deploy is healthy.", claim_type: "generic", reason: "no_matching_command"}')
+	assayer_emit_event "assayer.claim.unverified" "$p"
+	run _validate_latest_event
+	[ "$status" -eq 0 ]
+}
+
+@test "assayer.audit.complete validates" {
+	_require_assayer_schema
+	local p
+	p=$(jq -n --arg a "$AUDIT_ID" '{
+		audit_id: $a, claim_count: 3, corroborated: 1, contradicted: 1,
+		unverified: 1, verdict: "contradictions_found", duration_ms: 4200
+	}')
+	assayer_emit_event "assayer.audit.complete" "$p"
+	run _validate_latest_event
+	[ "$status" -eq 0 ]
+}
+
+@test "emission fails on unknown event type" {
+	run assayer_emit_event "assayer.no.such.event" '{"audit_id":"x"}'
+	[ "$status" -ne 0 ]
+}
+
+@test "assayer_emit_event returns 1 when payload is empty" {
+	run assayer_emit_event "assayer.audit.started" ""
+	[ "$status" -ne 0 ]
+}