@onlooker-community/ecosystem 0.25.0 → 0.25.1

package/.claude-plugin/marketplace.json

@@ -5,26 +5,26 @@
     "email": "community@onlooker.dev"
   },
   "metadata": {
-    "description": "TODO Fill this out"
+    "description": "Composable observability, memory, and quality-gate plugins for Claude Code — all built on the Onlooker ecosystem event substrate."
   },
   "plugins": [
     {
       "name": "ecosystem",
       "source": "./",
-      "description": "Fill this out",
+      "description": "Observability substrate for Claude Code. Provides the shared $ONLOOKER_DIR storage root (default $HOME/.onlooker), canonical schema-validated event emission, session and tool tracking hooks, and prompt rules. Required by all other Onlooker plugins.",
       "author": {
         "name": "Onlooker Community"
       },
       "homepage": "https://onlooker.dev",
       "repository": "https://github.com/onlooker-community/ecosystem",
       "license": "MIT",
-      "keywords": [],
-      "tags": []
+      "keywords": ["observability", "substrate", "events", "hooks", "telemetry"],
+      "tags": ["observability", "substrate"]
     },
     {
       "name": "archivist",
       "source": "./plugins/archivist",
-      "description": "Structured session memory across context truncation. Extracts decisions, dead ends, and open questions on PreCompact and reinjects the most important items at SessionStart. Requires the ecosystem plugin.",
+      "description": "Structured session memory across context truncation: extracts decisions, dead ends, and open questions on PreCompact and reinjects the most important items at SessionStart. Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },
@@ -34,10 +34,23 @@
       "keywords": ["memory", "compaction", "context", "session"],
       "tags": ["memory", "context-engineering"]
     },
+    {
+      "name": "cartographer",
+      "source": "./plugins/cartographer",
+      "description": "Proactive periodic auditor of the persistent instruction layer (CLAUDE.md, AGENTS.md, .claude/rules/). Discovers all instruction files in the repo, extracts semantic maps, and surfaces contradictions, shadowing, gaps, and drift before they cause expensive agent misbehavior. Requires the ecosystem plugin.",
+      "author": {
+        "name": "Onlooker Community"
+      },
+      "homepage": "https://onlooker.dev",
+      "repository": "https://github.com/onlooker-community/ecosystem",
+      "license": "MIT",
+      "keywords": ["instructions", "audit", "claude-md", "agents-md", "drift", "consistency"],
+      "tags": ["instructions", "context-engineering"]
+    },
     {
       "name": "tribunal",
       "source": "./plugins/tribunal",
-      "description": "Multi-agent execution with LLM-as-a-Judge quality gates. An Actor performs work; a jury of typed Judges scores it against a project-overridable rubric; a Meta-Judge reviews the jury for bias; the gate decides accept, retry, or exhaust. Requires the ecosystem plugin.",
+      "description": "Multi-agent execution with LLM-as-a-Judge quality gates. An Actor performs work; a jury of typed Judges scores it against a project-overridable rubric; a Meta-Judge reviews the jury for bias; the gate decides accept, retry, or exhaust. Grounded in LLM-as-a-Judge (Zheng et al. 2023) and LLM-as-a-Meta-Judge (Wu et al. 2024). Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },
@@ -76,7 +89,7 @@
     {
       "name": "compass",
       "source": "./plugins/compass",
-      "description": "Pre-write intent clarity gate. Intercepts write-class tool calls and samples N=5 parallel evaluators to score intent clarity before allowing writes to proceed. Blocks when confidence is low or evaluators disagree, surfacing a structured clarification prompt. Requires the ecosystem plugin.",
+      "description": "Pre-write intent clarity gate. Intercepts write-class tool calls and requires a confidence threshold before allowing them to proceed. Evaluates the pending write against the prior assistant turn as context to avoid false positives on question-answer turns. Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },
@@ -89,7 +102,7 @@
     {
       "name": "scribe",
       "source": "./plugins/scribe",
-      "description": "Intent documentation from agent activity. Captures why changes were made — problem context, decisions, tradeoffs, and constraints — and distills them into readable Markdown artifacts at session end. Git logs record what changed; scribe records why. Requires the ecosystem plugin.",
+      "description": "Intent documentation from agent activity. Captures why changes were made — problem context, decisions, tradeoffs — and distills them into readable artifacts at session end. Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },
@@ -102,7 +115,7 @@
     {
       "name": "counsel",
       "source": "./plugins/counsel",
-      "description": "Weekly synthesis and recommendations from your full observability stack. Reads all plugin event logs, identifies patterns, surfaces improvement opportunities, and injects a structured brief at session start when the last brief is stale. Turns disparate logs into a coaching signal. Requires the ecosystem plugin.",
+      "description": "Weekly synthesis and recommendations from the full observability stack. Reads all plugin event logs, produces a structured improvement brief, and injects it at session start when the last brief is stale. Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },
@@ -115,7 +128,7 @@
     {
       "name": "warden",
       "source": "./plugins/warden",
-      "description": "Untrusted-content gate. Scans content flowing in through WebFetch and Read for prompt-injection patterns, and when a threat is detected closes a session-scoped gate that blocks Write, Edit, and Bash until the user explicitly clears it. Grounded in Meta's Agents Rule of Two — warden removes the agent's external-actions property while untrusted content is in play. Requires the ecosystem plugin.",
+      "description": "Untrusted-content gate. Scans content flowing in through WebFetch and Read for prompt-injection patterns, and when a threat is detected closes a session-scoped gate that blocks Write, Edit, and Bash until the user explicitly clears it. Grounded in Meta's Agents Rule of Two: an agent should hold no more than two of {private data, external actions, untrusted content} at once — warden removes the external-actions property while untrusted content is in play. Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },
@@ -128,7 +141,7 @@
     {
       "name": "librarian",
       "source": "./plugins/librarian",
-      "description": "Consolidation layer between archivist's per-session artifacts and the user's durable typed memory store. Reads archivist artifacts at SessionEnd, applies a durability filter, classifies survivors via Haiku into the four memory types (user, feedback, project, reference), and queues proposals for explicit confirmation via /librarian review. Auto-promotion is opt-in. Requires the ecosystem plugin.",
+      "description": "Consolidation layer between archivist's per-session artifacts and the user's durable typed memory store. Detects which session decisions, dead-ends, and open questions deserve to live across sessions, classifies them into the user/feedback/project/reference types, and queues them as proposals for explicit confirmation. Auto-promotion is opt-in. Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },
@@ -141,7 +154,7 @@
     {
       "name": "curator",
       "source": "./plugins/curator",
-      "description": "Maintenance layer for the typed auto-memory store. At every SessionStart, runs four cheap heuristic checks against the memories at ~/.claude/projects/<encoded>/memory/ — date_decayed (ISO-8601 dates past the grace period), path_broken (path-shaped references that don't resolve under the repo root), broken_index (MEMORY.md pointing at missing files), and orphaned_memory (files in the dir not referenced from MEMORY.md). Surfaces findings via /curator review; never edits the memory store directly. Parallel to cartographer (which audits hand-maintained instruction files), curator audits the auto-memory substrate. Requires the ecosystem plugin.",
+      "description": "Maintenance layer for the user's typed auto-memory store. At every SessionStart, runs four cheap heuristic checks (date_decayed, path_broken, broken_index, orphaned_memory) against the memories at ~/.claude/projects/<encoded>/memory/ inside a wall-clock budget. Surfaces findings as a one-line pointer to /curator review; never edits the memory store directly. Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },
@@ -154,7 +167,7 @@
     {
       "name": "historian",
       "source": "./plugins/historian",
-      "description": "Episodic memory layer for past Claude Code sessions. At SessionEnd, reads the session transcript, drops tool calls and tool results, chunks the remaining user + assistant turns at turn boundaries with overlap, redacts secret-shaped substrings (AWS keys, GitHub PATs, Anthropic API keys, KEY=value env assignments), and appends one JSONL line per surviving chunk to ~/.onlooker/historian/<project-key>/sessions/<session-id>.jsonl. Future-tense retrieval (vector embeddings + UserPromptSubmit similarity surfacer) lands in a follow-up; this version ships the indexing pipeline only. Requires the ecosystem plugin.",
+      "description": "Episodic memory layer. At SessionEnd, chunks and sanitizes the session transcript and stores chunks under $ONLOOKER_DIR/historian/<project-key>/sessions/ (default $HOME/.onlooker). On UserPromptSubmit, embeds the prompt and performs similarity retrieval over stored chunks to surface relevant past context. Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },
@@ -167,7 +180,7 @@
     {
       "name": "assayer",
       "source": "./plugins/assayer",
-      "description": "Claim verification. At session end, parses the agent's final message for testable success claims (\"I ran the tests, they pass\", \"the build is green\") and cross-checks each against the actual command results in the session transcript, classifying it corroborated, contradicted, or unverifiable. Catches lying-without-malice. Advisory by default. Requires the ecosystem plugin.",
+      "description": "Claim verification. At session end, parses the agent's final message for testable claims (\"I ran the tests, they pass\", \"the build is green\") and checks each against the actual command results in the session transcript, classifying it corroborated, contradicted, or unverifiable. Catches lying-without-malice. Advisory by default. Requires the ecosystem plugin.",
       "author": {
         "name": "Onlooker Community"
       },

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "name": "ecosystem",
-  "version": "0.25.0",
-  "description": "Observability substrate for Claude Code. Provides the shared ~/.onlooker/ storage root, canonical schema-validated event emission, session and tool tracking hooks, and prompt rules. Required by all other Onlooker plugins.",
+  "version": "0.25.1",
+  "description": "Observability substrate for Claude Code. Provides the shared $ONLOOKER_DIR storage root (default $HOME/.onlooker), canonical schema-validated event emission, session and tool tracking hooks, and prompt rules. Required by all other Onlooker plugins.",
   "author": {
     "name": "Onlooker Community",
     "url": "https://onlooker.dev"

package/.release-please-manifest.json

@@ -1,10 +1,10 @@
 {
-  ".": "0.25.0",
+  ".": "0.25.1",
   "plugins/archivist": "0.1.0",
   "plugins/tribunal": "1.0.1",
   "plugins/echo": "0.2.0",
-  "plugins/cartographer": "0.2.0",
-  "plugins/governor": "0.2.0",
+  "plugins/cartographer": "0.2.1",
+  "plugins/governor": "0.2.1",
   "plugins/compass": "0.2.0",
   "plugins/scribe": "0.2.1",
   "plugins/counsel": "0.2.0",

package/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [0.25.1](https://github.com/onlooker-community/ecosystem/compare/ecosystem-v0.25.0...ecosystem-v0.25.1) (2026-06-10)
+
+
+### Bug Fixes
+
+* vendor portable-lock.sh into cartographer and governor ([#73](https://github.com/onlooker-community/ecosystem/issues/73)) ([ab2c354](https://github.com/onlooker-community/ecosystem/commit/ab2c354b131c26cc642ebb51e84a043dc43cbaa1))
+
 ## [0.25.0](https://github.com/onlooker-community/ecosystem/compare/ecosystem-v0.24.0...ecosystem-v0.25.0) (2026-06-04)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@onlooker-community/ecosystem",
-  "version": "0.25.0",
+  "version": "0.25.1",
   "description": "Agents, skills, hooks, commands, rules, and MCP configurations that power [Onlooker](https://onlooker.dev)",
   "author": {
     "name": "Onlooker Community",
@@ -26,7 +26,7 @@
     "test": "npm run test:bats && npm run test:schema",
     "test:bats": "bats test/bats",
     "test:schema": "node --test test/node/*.test.mjs",
-    "test:shellcheck": "shellcheck -S error -x install.sh scripts/common.sh scripts/hooks/*.sh scripts/lib/*.sh plugins/archivist/scripts/hooks/*.sh plugins/archivist/scripts/lib/*.sh plugins/tribunal/scripts/hooks/*.sh plugins/tribunal/scripts/lib/*.sh plugins/echo/scripts/hooks/*.sh plugins/echo/scripts/lib/*.sh plugins/governor/scripts/hooks/*.sh plugins/governor/scripts/lib/*.sh plugins/compass/scripts/hooks/*.sh plugins/compass/scripts/lib/*.sh plugins/scribe/scripts/hooks/*.sh plugins/scribe/scripts/lib/*.sh plugins/counsel/scripts/hooks/*.sh plugins/counsel/scripts/lib/*.sh plugins/warden/scripts/hooks/*.sh plugins/warden/scripts/lib/*.sh plugins/librarian/scripts/hooks/*.sh plugins/librarian/scripts/lib/*.sh plugins/curator/scripts/hooks/*.sh plugins/curator/scripts/lib/*.sh plugins/historian/scripts/hooks/*.sh plugins/historian/scripts/lib/*.sh plugins/assayer/scripts/hooks/*.sh plugins/assayer/scripts/lib/*.sh",
+    "test:shellcheck": "shellcheck -S error -x install.sh scripts/common.sh scripts/hooks/*.sh scripts/lib/*.sh plugins/archivist/scripts/hooks/*.sh plugins/archivist/scripts/lib/*.sh plugins/tribunal/scripts/hooks/*.sh plugins/tribunal/scripts/lib/*.sh plugins/echo/scripts/hooks/*.sh plugins/echo/scripts/lib/*.sh plugins/governor/scripts/hooks/*.sh plugins/governor/scripts/lib/*.sh plugins/compass/scripts/hooks/*.sh plugins/compass/scripts/lib/*.sh plugins/scribe/scripts/hooks/*.sh plugins/scribe/scripts/lib/*.sh plugins/counsel/scripts/hooks/*.sh plugins/counsel/scripts/lib/*.sh plugins/warden/scripts/hooks/*.sh plugins/warden/scripts/lib/*.sh plugins/librarian/scripts/hooks/*.sh plugins/librarian/scripts/lib/*.sh plugins/curator/scripts/hooks/*.sh plugins/curator/scripts/lib/*.sh plugins/historian/scripts/hooks/*.sh plugins/historian/scripts/lib/*.sh plugins/assayer/scripts/hooks/*.sh plugins/assayer/scripts/lib/*.sh plugins/cartographer/scripts/hooks/*.sh plugins/cartographer/scripts/lib/*.sh",
     "lint:references": "node scripts/lint/check-references.mjs",
     "lint:manifests": "node scripts/lint/check-manifests.mjs",
     "coverage:node": "node scripts/coverage/run-coverage.mjs",

package/plugins/cartographer/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "cartographer",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Proactive periodic auditor of the persistent instruction layer (CLAUDE.md, AGENTS.md, .claude/rules/). Discovers all instruction files in the repo, extracts semantic maps, and surfaces contradictions, shadowing, gaps, and drift before they cause expensive agent misbehavior. Builds on the Onlooker ecosystem plugin.",
   "author": {
     "name": "Onlooker Community",

package/plugins/cartographer/CHANGELOG.md

@@ -2,6 +2,13 @@
 
 All notable changes to the Cartographer plugin are documented here.
 
+## [0.2.1](https://github.com/onlooker-community/ecosystem/compare/cartographer-v0.2.0...cartographer-v0.2.1) (2026-06-10)
+
+
+### Bug Fixes
+
+* vendor portable-lock.sh into cartographer and governor ([#73](https://github.com/onlooker-community/ecosystem/issues/73)) ([ab2c354](https://github.com/onlooker-community/ecosystem/commit/ab2c354b131c26cc642ebb51e84a043dc43cbaa1))
+
 ## [0.2.0](https://github.com/onlooker-community/ecosystem/compare/cartographer-v0.1.0...cartographer-v0.2.0) (2026-05-25)
 
 

package/plugins/cartographer/scripts/lib/cartographer-lock.sh

@@ -9,17 +9,27 @@
 #   cartographer_lock_acquire <lock_file>   # returns 0=acquired, 1=timeout
 #   cartographer_lock_release <lock_file>
 
-_CARTOGRAPHER_LOCK_LIB="$(cd "$(dirname "${BASH_SOURCE[0]}")/../../../../scripts/lib" && pwd)/portable-lock.sh"
+# portable-lock.sh is vendored into this plugin's lib dir (a sibling of this
+# file) so cartographer stays self-contained when installed standalone from
+# the marketplace, where the ecosystem repo's top-level scripts/lib/ is absent.
+_CARTOGRAPHER_LOCK_LIB="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)/portable-lock.sh"
 
-if [[ ! -f "$_CARTOGRAPHER_LOCK_LIB" ]]; then
-	printf '[cartographer-lock] ERROR: portable-lock.sh not found at %s\n' \
+if [[ -f "$_CARTOGRAPHER_LOCK_LIB" ]]; then
+	# shellcheck source=./portable-lock.sh
+	source "$_CARTOGRAPHER_LOCK_LIB"
+else
+	# The vendored lock should always be present, but if an unexpected
+	# packaging or path issue removes it we must degrade gracefully: the
+	# cartographer hooks are fail-soft and contractually exit 0, so a hard
+	# exit here would crash a session this plugin was only meant to observe.
+	# Define a primitive that always fails to acquire, so the hooks'
+	# `cartographer_lock_acquire ... || exit 0` skips the audit instead.
+	printf '[cartographer-lock] WARN: portable-lock.sh not found at %s; locking disabled, skipping audit\n' \
 		"$_CARTOGRAPHER_LOCK_LIB" >&2
-	exit 1
+	lock_acquire() { return 1; }
+	lock_release() { return 0; }
 fi
 
-# shellcheck source=../../../../scripts/lib/portable-lock.sh
-source "$_CARTOGRAPHER_LOCK_LIB"
-
 cartographer_lock_acquire() {
 	local lock_file="${1:?lock_file required}"
 	mkdir -p "$(dirname "$lock_file")" 2>/dev/null || true

package/plugins/cartographer/scripts/lib/portable-lock.sh

@@ -0,0 +1,57 @@
+#!/usr/bin/env bash
+# portable-lock.sh — vendored copy of the ecosystem substrate's portable lock.
+#
+# Vendored into the cartographer plugin so the plugin is self-contained when
+# installed standalone from the marketplace: the cache layout
+# (~/.claude/plugins/cache/<owner>/cartographer/<version>/) does not include
+# the ecosystem repo's top-level scripts/lib/, so reaching up to it breaks.
+# This mirrors the per-plugin vendoring of cartographer-ulid.sh and friends.
+# Keep in sync with scripts/lib/portable-lock.sh at the repo root.
+#
+# Portable advisory file locking via mkdir() atomicity.
+#
+# Replaces flock(1), which ships with util-linux on Linux but is not present
+# in stock macOS. This matters because the Onlooker hooks run on user
+# machines, not just in CI: a macOS user without util-linux would otherwise
+# see concurrent writes to $ONLOOKER_DIR silently clobber each other.
+#
+# mkdir() is atomic on POSIX local filesystems, which is the only place
+# $ONLOOKER_DIR ever lives. Network filesystems (NFS) do not guarantee
+# atomicity, but Claude Code state is local-only.
+#
+# Usage:
+#   lock_acquire "/path/to/file.lock" [timeout_seconds=5]
+#   # ... critical section ...
+#   lock_release "/path/to/file.lock"
+#
+# Avoid associative arrays so bash 3.2 (macOS default) keeps working.
+
+# Acquire an exclusive lock at LOCKPATH. Returns 0 on success, 1 on timeout.
+lock_acquire() {
+	local lockpath="${1:-}"
+	local timeout="${2:-5}"
+	[[ -z "$lockpath" ]] && return 1
+
+	local lockdir="${lockpath}.d"
+	local waited=0
+	# Poll at 10 Hz so a 5s timeout = 50 attempts.
+	local max_iter=$((timeout * 10))
+	while ! mkdir "$lockdir" 2>/dev/null; do
+		if ((waited >= max_iter)); then
+			return 1
+		fi
+		# `sleep 0.1` works on Linux + macOS; the `|| sleep 1` is a paranoid
+		# fallback for embedded shells that only accept integer seconds.
+		sleep 0.1 2>/dev/null || sleep 1
+		waited=$((waited + 1))
+	done
+	return 0
+}
+
+# Release the lock previously acquired for LOCKPATH. Safe to call when the
+# lock is not held (no-op in that case).
+lock_release() {
+	local lockpath="${1:-}"
+	[[ -z "$lockpath" ]] && return 0
+	rmdir "${lockpath}.d" 2>/dev/null || true
+}

package/plugins/governor/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "governor",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Resource governance and budget enforcement for the Onlooker ecosystem. Tracks per-session token and cost spend, gates Task spawns before they exceed a configurable budget ceiling, and emits governor.* events for audit. Named for the steam-engine governor — a device that regulates output. Builds on the Onlooker ecosystem plugin.",
   "author": {
     "name": "Onlooker Community",

package/plugins/governor/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [0.2.1](https://github.com/onlooker-community/ecosystem/compare/governor-v0.2.0...governor-v0.2.1) (2026-06-10)
+
+
+### Bug Fixes
+
+* vendor portable-lock.sh into cartographer and governor ([#73](https://github.com/onlooker-community/ecosystem/issues/73)) ([ab2c354](https://github.com/onlooker-community/ecosystem/commit/ab2c354b131c26cc642ebb51e84a043dc43cbaa1))
+
 ## [0.2.0](https://github.com/onlooker-community/ecosystem/compare/governor-v0.1.0...governor-v0.2.0) (2026-05-26)
 
 

package/plugins/governor/scripts/hooks/governor-post-tool-use.sh

@@ -24,12 +24,16 @@ fi
 if [[ -n "$_ECOSYSTEM_ROOT" && -f "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh" ]]; then
 	# shellcheck disable=SC1091
 	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh"
-	# shellcheck disable=SC1091
-	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/portable-lock.sh"
 fi
 
 export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
 
+# portable-lock.sh is vendored into this plugin's lib dir so the ledger's
+# atomic appends keep working when governor is installed standalone, where the
+# ecosystem repo's top-level scripts/lib/ is absent from the plugin cache.
+# shellcheck source=../lib/portable-lock.sh
+source "${PLUGIN_ROOT}/scripts/lib/portable-lock.sh"
+
 # shellcheck source=../lib/governor-config.sh
 source "${PLUGIN_ROOT}/scripts/lib/governor-config.sh"
 # shellcheck source=../lib/governor-events.sh

package/plugins/governor/scripts/hooks/governor-pre-tool-use.sh

@@ -36,12 +36,16 @@ fi
 if [[ -n "$_ECOSYSTEM_ROOT" && -f "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh" ]]; then
 	# shellcheck disable=SC1091
 	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh"
-	# shellcheck disable=SC1091
-	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/portable-lock.sh"
 fi
 
 export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
 
+# portable-lock.sh is vendored into this plugin's lib dir so the ledger's
+# atomic appends keep working when governor is installed standalone, where the
+# ecosystem repo's top-level scripts/lib/ is absent from the plugin cache.
+# shellcheck source=../lib/portable-lock.sh
+source "${PLUGIN_ROOT}/scripts/lib/portable-lock.sh"
+
 # shellcheck source=../lib/governor-config.sh
 source "${PLUGIN_ROOT}/scripts/lib/governor-config.sh"
 # shellcheck source=../lib/governor-events.sh

package/plugins/governor/scripts/hooks/governor-session-start.sh

@@ -28,12 +28,16 @@ fi
 if [[ -n "$_ECOSYSTEM_ROOT" && -f "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh" ]]; then
 	# shellcheck disable=SC1091
 	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh"
-	# shellcheck disable=SC1091
-	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/portable-lock.sh"
 fi
 
 export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
 
+# portable-lock.sh is vendored into this plugin's lib dir so the ledger's
+# atomic appends keep working when governor is installed standalone, where the
+# ecosystem repo's top-level scripts/lib/ is absent from the plugin cache.
+# shellcheck source=../lib/portable-lock.sh
+source "${PLUGIN_ROOT}/scripts/lib/portable-lock.sh"
+
 # shellcheck source=../lib/governor-config.sh
 source "${PLUGIN_ROOT}/scripts/lib/governor-config.sh"
 # shellcheck source=../lib/governor-events.sh

package/plugins/governor/scripts/hooks/governor-stop.sh

@@ -25,12 +25,16 @@ fi
 if [[ -n "$_ECOSYSTEM_ROOT" && -f "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh" ]]; then
 	# shellcheck disable=SC1091
 	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/validate-path.sh"
-	# shellcheck disable=SC1091
-	CLAUDE_PLUGIN_ROOT="$_ECOSYSTEM_ROOT" source "${_ECOSYSTEM_ROOT}/scripts/lib/portable-lock.sh"
 fi
 
 export CLAUDE_PLUGIN_ROOT="$PLUGIN_ROOT"
 
+# portable-lock.sh is vendored into this plugin's lib dir so the ledger's
+# atomic appends keep working when governor is installed standalone, where the
+# ecosystem repo's top-level scripts/lib/ is absent from the plugin cache.
+# shellcheck source=../lib/portable-lock.sh
+source "${PLUGIN_ROOT}/scripts/lib/portable-lock.sh"
+
 # shellcheck source=../lib/governor-config.sh
 source "${PLUGIN_ROOT}/scripts/lib/governor-config.sh"
 # shellcheck source=../lib/governor-events.sh

package/plugins/governor/scripts/lib/portable-lock.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+# portable-lock.sh — vendored copy of the ecosystem substrate's portable lock.
+#
+# Vendored into the governor plugin so the ledger's atomic appends keep
+# working when governor is installed standalone from the marketplace: the
+# cache layout (~/.claude/plugins/cache/<owner>/governor/<version>/) does not
+# include the ecosystem repo's top-level scripts/lib/. Without a local copy,
+# lock_acquire would be undefined and governor_ledger_append would poison the
+# ledger after exhausting its retries. This mirrors the per-plugin vendoring
+# of governor-ulid.sh and friends.
+# Keep in sync with scripts/lib/portable-lock.sh at the repo root.
+#
+# Portable advisory file locking via mkdir() atomicity.
+#
+# Replaces flock(1), which ships with util-linux on Linux but is not present
+# in stock macOS. This matters because the Onlooker hooks run on user
+# machines, not just in CI: a macOS user without util-linux would otherwise
+# see concurrent writes to $ONLOOKER_DIR silently clobber each other.
+#
+# mkdir() is atomic on POSIX local filesystems, which is the only place
+# $ONLOOKER_DIR ever lives. Network filesystems (NFS) do not guarantee
+# atomicity, but Claude Code state is local-only.
+#
+# Usage:
+#   lock_acquire "/path/to/file.lock" [timeout_seconds=5]
+#   # ... critical section ...
+#   lock_release "/path/to/file.lock"
+#
+# Avoid associative arrays so bash 3.2 (macOS default) keeps working.
+
+# Acquire an exclusive lock at LOCKPATH. Returns 0 on success, 1 on timeout.
+lock_acquire() {
+	local lockpath="${1:-}"
+	local timeout="${2:-5}"
+	[[ -z "$lockpath" ]] && return 1
+
+	local lockdir="${lockpath}.d"
+	local waited=0
+	# Poll at 10 Hz so a 5s timeout = 50 attempts.
+	local max_iter=$((timeout * 10))
+	while ! mkdir "$lockdir" 2>/dev/null; do
+		if ((waited >= max_iter)); then
+			return 1
+		fi
+		# `sleep 0.1` works on Linux + macOS; the `|| sleep 1` is a paranoid
+		# fallback for embedded shells that only accept integer seconds.
+		sleep 0.1 2>/dev/null || sleep 1
+		waited=$((waited + 1))
+	done
+	return 0
+}
+
+# Release the lock previously acquired for LOCKPATH. Safe to call when the
+# lock is not held (no-op in that case).
+lock_release() {
+	local lockpath="${1:-}"
+	[[ -z "$lockpath" ]] && return 0
+	rmdir "${lockpath}.d" 2>/dev/null || true
+}

package/scripts/lib/portable-lock.sh

@@ -4,7 +4,7 @@
 # Replaces flock(1), which ships with util-linux on Linux but is not present
 # in stock macOS. This matters because the Onlooker hooks run on user
 # machines, not just in CI: a macOS user without util-linux would otherwise
-# see every PostToolUse history append silently fail.
+# see concurrent writes to $ONLOOKER_DIR silently clobber each other.
 #
 # mkdir() is atomic on POSIX local filesystems, which is the only place
 # $ONLOOKER_DIR ever lives. Network filesystems (NFS) do not guarantee

package/test/bats/cartographer-lock.bats

@@ -75,3 +75,22 @@ teardown() {
   [ "$status" -ne 0 ]
   wait
 }
+
+@test "missing vendored portable-lock.sh degrades to a no-op lock, never crashes" {
+  # Copy only the wrapper into an isolated dir WITHOUT its sibling
+  # portable-lock.sh to simulate a broken packaging/path. The cartographer
+  # hooks are fail-soft (exit 0), so sourcing must not abort and acquire must
+  # fail so the caller's `... || exit 0` skips the audit instead of crashing.
+  cp "${REPO_ROOT}/plugins/cartographer/scripts/lib/cartographer-lock.sh" "${BATS_TEST_TMPDIR}/cartographer-lock.sh"
+  run bash -c "
+    source '${BATS_TEST_TMPDIR}/cartographer-lock.sh'
+    echo SOURCED_OK
+    cartographer_lock_acquire '${BATS_TEST_TMPDIR}/x.lock' && echo ACQUIRED || echo ACQUIRE_FAILED
+    cartographer_lock_release '${BATS_TEST_TMPDIR}/x.lock' && echo RELEASE_OK
+  "
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"SOURCED_OK"* ]]
+  [[ "$output" == *"ACQUIRE_FAILED"* ]]
+  [[ "$output" == *"RELEASE_OK"* ]]
+  [[ "$output" == *"locking disabled"* ]]
+}