@openthink/stamp 1.1.0 → 1.2.0

package/dist/index.js

@@ -11,6 +11,7 @@ import {
   firstParentCommits,
   formatTrailers,
   generateKeypair,
+  gitCommonDir,
   isPathTracked,
   latestReviews,
   latestVerdicts,
@@ -38,18 +39,19 @@ import {
   stampReviewersDir,
   stampStateDbPath,
   stampTrustedKeysDir,
+  userConfigPath,
   userKeysDir,
   userServerConfigPath,
   verifyBytes
-} from "./chunk-TTOMORIY.js";
+} from "./chunk-UBRQLZON.js";
 
 // src/index.ts
 import { Command } from "commander";
 
 // src/commands/bootstrap.ts
 import { execFileSync } from "child_process";
-import { existsSync as existsSync5, readFileSync as readFileSync4, readdirSync, statSync, writeFileSync as writeFileSync4 } from "fs";
-import { dirname as dirname2, join as join3 } from "path";
+import { existsSync as existsSync6, readFileSync as readFileSync5, readdirSync, statSync, writeFileSync as writeFileSync5 } from "fs";
+import { dirname as dirname3, join as join3 } from "path";
 
 // src/lib/agentsMd.ts
 import { existsSync, readFileSync, writeFileSync } from "fs";
@@ -464,9 +466,19 @@ function validateConfig(input) {
       throw new Error(`config.branches.${name}.required must be an array`);
     }
     const required_checks = parseChecks(r.required_checks, name);
+    let require_human_merge;
+    if (r.require_human_merge !== void 0) {
+      if (typeof r.require_human_merge !== "boolean") {
+        throw new Error(
+          `config.branches.${name}.require_human_merge must be a boolean`
+        );
+      }
+      require_human_merge = r.require_human_merge;
+    }
     branches[name] = {
       required: r.required.map(String),
-      ...required_checks ? { required_checks } : {}
+      ...required_checks ? { required_checks } : {},
+      ...require_human_merge !== void 0 ? { require_human_merge } : {}
     };
   }
   const reviewers2 = {};
@@ -484,10 +496,20 @@ function validateConfig(input) {
     }
     const tools = parseTools(d.tools, name);
     const mcp_servers = parseMcpServers(d.mcp_servers, name);
+    let enforce_reads_on_dotstamp;
+    if (d.enforce_reads_on_dotstamp !== void 0) {
+      if (typeof d.enforce_reads_on_dotstamp !== "boolean") {
+        throw new Error(
+          `config.reviewers.${name}.enforce_reads_on_dotstamp must be a boolean (got ${JSON.stringify(d.enforce_reads_on_dotstamp)})`
+        );
+      }
+      enforce_reads_on_dotstamp = d.enforce_reads_on_dotstamp;
+    }
     reviewers2[name] = {
       prompt: d.prompt,
       ...tools ? { tools } : {},
-      ...mcp_servers ? { mcp_servers } : {}
+      ...mcp_servers ? { mcp_servers } : {},
+      ...enforce_reads_on_dotstamp !== void 0 ? { enforce_reads_on_dotstamp } : {}
     };
   }
   return { branches, reviewers: reviewers2 };
@@ -707,8 +729,8 @@ function parseStringMap(input, path2) {
   }
   return out;
 }
-function stringifyConfig(config) {
-  return stringify(config);
+function stringifyConfig(config2) {
+  return stringify(config2);
 }
 function findBranchRule(branches, branchName) {
   const exact = branches[branchName];
@@ -1262,14 +1284,61 @@ function redactMcpToolName(tool2) {
   return `mcp__sha256:${h(server2)}__sha256:${h(name)}`;
 }
 function redactToolCallsForAttestation(calls) {
-  if (process.env.STAMP_HASH_MCP_NAMES !== "1") return calls;
+  if (process.env.STAMP_HASH_MCP_NAMES === "0") return calls;
   return calls.map((c) => ({ ...c, tool: redactMcpToolName(c.tool) }));
 }
 
+// src/lib/humanMerge.ts
+import { readSync } from "fs";
+function requireHumanMerge(args) {
+  if (args.branchRule.require_human_merge === false) return;
+  if (args.yes) return;
+  if (process.env.STAMP_REQUIRE_HUMAN_MERGE === "0") return;
+  if (!process.stdin.isTTY || !process.stdout.isTTY) {
+    throw new Error(
+      `confirmation required: stamp merge needs interactive confirmation for protected branch "${args.target}", but no TTY is attached.
+
+Opt out explicitly \u2014 pick one:
+  - per-invocation:  stamp merge ${args.source} --into ${args.target} --yes
+  - per-shell:       STAMP_REQUIRE_HUMAN_MERGE=0 stamp merge ...
+  - per-branch:      add 'require_human_merge: false' under branches.${args.target} in .stamp/config.yml (and merge that change through the normal review flow)
+
+Background: stamp's threat model treats LLM-verdict-as-merge-authorization as residual HIGH (audit H1). The default forces operator awareness; the env var / flag / config field are how you declare automated intent.`
+    );
+  }
+  const prompt2 = `Sign + merge '${args.source}' (${args.head_sha.slice(0, 8)}) \u2192 '${args.target}' (base ${args.base_sha.slice(0, 8)})? [y/N] `;
+  process.stdout.write(prompt2);
+  const answer = readLineSync().trim().toLowerCase();
+  if (answer !== "y" && answer !== "yes") {
+    throw new Error(
+      `merge cancelled: operator answered '${answer || "<empty>"}' to the confirmation prompt for ${args.source} \u2192 ${args.target}.`
+    );
+  }
+}
+function readLineSync() {
+  const buf = Buffer.alloc(1);
+  let out = "";
+  const fd = 0;
+  for (; ; ) {
+    let n;
+    try {
+      n = readSync(fd, buf, 0, 1, null);
+    } catch {
+      break;
+    }
+    if (n === 0) break;
+    const ch = buf.toString("utf8", 0, 1);
+    if (ch === "\n") break;
+    out += ch;
+  }
+  if (out.endsWith("\r")) out = out.slice(0, -1);
+  return out;
+}
+
 // src/commands/merge.ts
 function runMerge(opts) {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
+  const config2 = loadConfig(stampConfigFile(repoRoot));
   const currentBranch2 = git(
     ["rev-parse", "--abbrev-ref", "HEAD"],
     repoRoot
@@ -1290,7 +1359,7 @@ function runMerge(opts) {
   }
   const revspec = `${opts.into}..${opts.branch}`;
   const resolved = resolveDiff(revspec, repoRoot);
-  const rule = findBranchRule(config.branches, opts.into);
+  const rule = findBranchRule(config2.branches, opts.into);
   if (!rule) {
     throw new Error(
       `no branch rule for "${opts.into}" in .stamp/config.yml`
@@ -1317,6 +1386,14 @@ function runMerge(opts) {
         `gate CLOSED: missing approved verdicts for: ${missing.join(", ")}. Run \`stamp status --diff ${revspec}\` to inspect, then \`stamp review --diff ${revspec}\` to review.`
       );
     }
+    requireHumanMerge({
+      target: opts.into,
+      source: opts.branch,
+      base_sha: resolved.base_sha,
+      head_sha: resolved.head_sha,
+      branchRule: rule,
+      yes: opts.yes ?? false
+    });
     approvals = rule.required.map((name) => {
       const rev = byReviewer.get(name);
       const toolCalls = redactToolCallsForAttestation(parseToolCalls(rev.tool_calls));
@@ -1485,11 +1562,11 @@ function runPush(opts) {
 }
 
 // src/commands/review.ts
-import { existsSync as existsSync4 } from "fs";
+import { existsSync as existsSync5 } from "fs";
 
 // src/lib/reviewer.ts
 import { randomBytes } from "crypto";
-import { chmodSync, mkdirSync, writeFileSync as writeFileSync2 } from "fs";
+import { chmodSync, mkdirSync as mkdirSync2, realpathSync, writeFileSync as writeFileSync3 } from "fs";
 import path from "path";
 import { createSdkMcpServer, query, tool } from "@anthropic-ai/claude-agent-sdk";
 import { z as z2 } from "zod";
@@ -1525,10 +1602,137 @@ ${body}
 ${close}`;
 }
 
+// src/lib/userConfig.ts
+import {
+  existsSync as existsSync3,
+  mkdirSync,
+  readFileSync as readFileSync4,
+  renameSync,
+  unlinkSync,
+  writeFileSync as writeFileSync2
+} from "fs";
+import { dirname } from "path";
+import { parse as parseYaml3, stringify as stringifyYaml } from "yaml";
+var DEFAULT_REVIEWER_MODELS = {
+  security: "claude-sonnet-4-6",
+  standards: "claude-sonnet-4-6",
+  product: "claude-sonnet-4-6"
+};
+var REVIEWER_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9_-]{0,63}$/;
+var MODEL_ID_RE = /^[A-Za-z0-9][A-Za-z0-9._:@/-]*$/;
+function isValidReviewerName(name) {
+  return REVIEWER_NAME_RE.test(name);
+}
+function isValidModelId(id) {
+  return MODEL_ID_RE.test(id) && id.length <= 128;
+}
+function loadUserConfig() {
+  const path2 = userConfigPath();
+  if (!existsSync3(path2)) return null;
+  let raw;
+  try {
+    raw = readFileSync4(path2, "utf8");
+  } catch (err) {
+    throw new Error(
+      `failed to read ${path2}: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  return parseUserConfig(raw, path2);
+}
+function parseUserConfig(raw, contextPath = "<inline>") {
+  const trimmed = raw.trim();
+  if (trimmed === "") {
+    return { reviewers: {} };
+  }
+  const parsed = parseYaml3(raw);
+  if (parsed === null || parsed === void 0) {
+    return { reviewers: {} };
+  }
+  if (typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error(
+      `${contextPath}: must be a YAML mapping (got ${Array.isArray(parsed) ? "array" : typeof parsed})`
+    );
+  }
+  const obj = parsed;
+  const reviewersRaw = obj.reviewers;
+  const reviewers2 = {};
+  if (reviewersRaw !== void 0 && reviewersRaw !== null) {
+    if (typeof reviewersRaw !== "object" || Array.isArray(reviewersRaw)) {
+      throw new Error(
+        `${contextPath}: 'reviewers' must be a mapping of <reviewer-name> to <model-id>`
+      );
+    }
+    for (const [name, value] of Object.entries(
+      reviewersRaw
+    )) {
+      if (!isValidReviewerName(name)) {
+        throw new Error(
+          `${contextPath}: reviewer name '${name}' under 'reviewers' is invalid (letters, digits, underscores, hyphens; max 64 chars; no leading hyphen)`
+        );
+      }
+      if (typeof value !== "string" || value.trim() === "") {
+        throw new Error(
+          `${contextPath}: reviewers.${name} must be a non-empty string (model id)`
+        );
+      }
+      const id = value.trim();
+      if (!isValidModelId(id)) {
+        throw new Error(
+          `${contextPath}: reviewers.${name} = ${JSON.stringify(value)} is not a valid model id (expected a token like 'claude-sonnet-4-6'; the SDK accepts opaque strings, but stamp rejects shapes with whitespace or control chars)`
+        );
+      }
+      reviewers2[name] = id;
+    }
+  }
+  return { reviewers: reviewers2 };
+}
+function stringifyUserConfig(cfg) {
+  return stringifyYaml({ reviewers: cfg.reviewers });
+}
+function writeUserConfig(cfg) {
+  const path2 = userConfigPath();
+  const dir = dirname(path2);
+  if (!existsSync3(dir)) mkdirSync(dir, { recursive: true, mode: 448 });
+  const tmp = `${path2}.tmp.${process.pid}`;
+  writeFileSync2(tmp, stringifyUserConfig(cfg), { mode: 384 });
+  renameSync(tmp, path2);
+  return path2;
+}
+function loadOrCreateUserConfig() {
+  const path2 = userConfigPath();
+  const existed = existsSync3(path2);
+  if (!existed) {
+    const defaults = {
+      reviewers: { ...DEFAULT_REVIEWER_MODELS }
+    };
+    writeUserConfig(defaults);
+    return { config: defaults, created: true, path: path2 };
+  }
+  const config2 = loadUserConfig() ?? { reviewers: {} };
+  return { config: config2, created: false, path: path2 };
+}
+function resolveReviewerModel(reviewer) {
+  let cfg;
+  try {
+    cfg = loadUserConfig();
+  } catch {
+    return null;
+  }
+  if (!cfg) return null;
+  const id = cfg.reviewers[reviewer];
+  return typeof id === "string" && id.length > 0 ? id : null;
+}
+function deleteUserConfig() {
+  const path2 = userConfigPath();
+  if (!existsSync3(path2)) return false;
+  unlinkSync(path2);
+  return true;
+}
+
 // src/lib/reviewer.ts
 var VERDICT_LINE_REGEX = /^VERDICT:\s*(approved|changes_requested|denied)\s*$/;
-var REVIEWER_INTERNAL_DENY_PATHS = [".git/stamp/state.db"];
-var REVIEWER_INTERNAL_DENY_PREFIXES = [".stamp/trusted-keys/"];
+var REVIEWER_INTERNAL_DENY_PATHS = [];
+var REVIEWER_INTERNAL_DENY_PREFIXES = [".git/stamp/", ".stamp/trusted-keys/"];
 function denyIfOutsideRepo(inputPath, repoRoot, toolName) {
   if (typeof inputPath !== "string" || inputPath.length === 0) {
     return `${toolName} input path must be a non-empty string`;
@@ -1540,6 +1744,40 @@ function denyIfOutsideRepo(inputPath, repoRoot, toolName) {
   }
   return null;
 }
+function denyIfRealpathOutsideRepo(resolved, resolvedRoot, inputPath, toolName) {
+  let canonRoot;
+  try {
+    canonRoot = realpathSync.native(resolvedRoot);
+  } catch {
+    return { canon: null, canonRoot: null, deny: null };
+  }
+  let probe = resolved;
+  let realPrefix = null;
+  const tail = [];
+  for (; ; ) {
+    try {
+      realPrefix = realpathSync.native(probe);
+      break;
+    } catch {
+      const parent = path.dirname(probe);
+      if (parent === probe) break;
+      tail.unshift(path.basename(probe));
+      probe = parent;
+    }
+  }
+  if (realPrefix === null) {
+    return { canon: null, canonRoot: null, deny: null };
+  }
+  const canon = tail.length === 0 ? realPrefix : path.join(realPrefix, ...tail);
+  if (canon !== canonRoot && !canon.startsWith(canonRoot + path.sep)) {
+    return {
+      canon,
+      canonRoot,
+      deny: `${toolName} path "${inputPath}" resolves through a symlink to "${canon}", which is outside repoRoot ("${canonRoot}"). Reviewer tools are scoped to the repository; symlinks pointing out are treated the same as a literal escape.`
+    };
+  }
+  return { canon, canonRoot, deny: null };
+}
 function denyIfReviewerInternal(resolvedAbs, resolvedRoot, inputPath) {
   const rel = path.relative(resolvedRoot, resolvedAbs);
   for (const denied of REVIEWER_INTERNAL_DENY_PATHS) {
@@ -1549,7 +1787,7 @@ function denyIfReviewerInternal(resolvedAbs, resolvedRoot, inputPath) {
   }
   for (const prefix of REVIEWER_INTERNAL_DENY_PREFIXES) {
     if (rel === prefix.replace(/\/$/, "") || rel.startsWith(prefix)) {
-      return `Read of "${inputPath}" denied: ${prefix}* holds reviewer trust anchors and is exfil-attractive.`;
+      return `Read of "${inputPath}" denied: ${prefix}* is reviewer-internal (trust anchors / verdict DB / spools) and is exfil-attractive.`;
     }
   }
   return null;
@@ -1593,9 +1831,18 @@ function checkReviewerTool(args) {
     if (denied) return { allow: false, reason: denied };
     const resolvedRoot = path.resolve(repoRoot);
     const resolved = path.resolve(resolvedRoot, filePath);
-    const internal = denyIfReviewerInternal(
+    const realpathCheck = denyIfRealpathOutsideRepo(
       resolved,
       resolvedRoot,
+      filePath,
+      "Read"
+    );
+    if (realpathCheck.deny) return { allow: false, reason: realpathCheck.deny };
+    const internalProbe = realpathCheck.canon ?? resolved;
+    const internalRoot = realpathCheck.canonRoot ?? resolvedRoot;
+    const internal = denyIfReviewerInternal(
+      internalProbe,
+      internalRoot,
       filePath
     );
     if (internal) return { allow: false, reason: internal };
@@ -1606,6 +1853,15 @@ function checkReviewerTool(args) {
     if (grepPath !== void 0) {
       const denied = denyIfOutsideRepo(grepPath, repoRoot, "Grep");
       if (denied) return { allow: false, reason: denied };
+      const resolvedRoot = path.resolve(repoRoot);
+      const resolved = path.resolve(resolvedRoot, grepPath);
+      const realpathCheck = denyIfRealpathOutsideRepo(
+        resolved,
+        resolvedRoot,
+        grepPath,
+        "Grep"
+      );
+      if (realpathCheck.deny) return { allow: false, reason: realpathCheck.deny };
     }
     return { allow: true };
   }
@@ -1614,6 +1870,15 @@ function checkReviewerTool(args) {
     if (globPath !== void 0) {
       const denied = denyIfOutsideRepo(globPath, repoRoot, "Glob");
       if (denied) return { allow: false, reason: denied };
+      const resolvedRoot = path.resolve(repoRoot);
+      const resolved = path.resolve(resolvedRoot, globPath);
+      const realpathCheck = denyIfRealpathOutsideRepo(
+        resolved,
+        resolvedRoot,
+        globPath,
+        "Glob"
+      );
+      if (realpathCheck.deny) return { allow: false, reason: realpathCheck.deny };
     }
     const pattern = input.pattern;
     if (typeof pattern === "string") {
@@ -1635,6 +1900,11 @@ function checkReviewerTool(args) {
   return { allow: true };
 }
 async function invokeReviewer(params) {
+  if (process.env.STAMP_NO_LLM === "1") {
+    throw new Error(
+      `STAMP_NO_LLM=1 is set; refusing to invoke the Claude Agent SDK for reviewer "${params.reviewer}". With this env var on, stamp's LLM-using surface (review / reviewers test / bootstrap) is disabled \u2014 no diff content will leave the host. The signing, verification, and merge primitives (stamp keys / stamp merge / stamp verify / stamp log / the pre-receive hook) all continue to work; you can attest manual review by capturing verdicts in state.db out-of-band before merge. Unset STAMP_NO_LLM (or set it to anything other than "1") to re-enable.`
+    );
+  }
   const def = params.config.reviewers[params.reviewer];
   if (!def) {
     throw new Error(
@@ -1744,6 +2014,7 @@ async function invokeReviewer(params) {
   };
   const maxTurns = parseIntEnv("STAMP_REVIEWER_MAX_TURNS", 8);
   const timeoutMs = parseIntEnv("STAMP_REVIEWER_TIMEOUT_MS", 5 * 60 * 1e3);
+  const modelOverride = resolveReviewerModel(params.reviewer);
   const abortController = new AbortController();
   const timeoutHandle = setTimeout(() => {
     abortController.abort(
@@ -1761,6 +2032,10 @@ async function invokeReviewer(params) {
       mcpServers,
       maxTurns,
       abortController,
+      // Spread the model option so a null resolution leaves the SDK to
+      // pick its own default rather than landing as `model: null` (which
+      // some SDK versions treat as a typed override of the default).
+      ...modelOverride !== null ? { model: modelOverride } : {},
       // PreToolUse fires for every tool call regardless of `allowedTools`
       // membership, which is what we want for security gating: pre-approving
       // a tool name in `allowedTools` should not bypass per-call validation.
@@ -1797,6 +2072,7 @@ async function invokeReviewer(params) {
   let finalText = null;
   let errorMessage = null;
   const toolCalls = [];
+  const readPaths = /* @__PURE__ */ new Set();
   try {
     for await (const msg of q) {
       if (msg.type === "assistant") {
@@ -1810,6 +2086,14 @@ async function invokeReviewer(params) {
                   tool: b.name,
                   input_sha256: hashToolInput(b.input)
                 });
+                if (b.name === "Read" && b.input && typeof b.input === "object") {
+                  const fp = b.input.file_path;
+                  if (typeof fp === "string" && fp.length > 0) {
+                    const resolved = path.resolve(params.repoRoot, fp);
+                    const rel = path.relative(params.repoRoot, resolved);
+                    if (rel && !rel.startsWith("..")) readPaths.add(rel);
+                  }
+                }
               }
             }
           }
@@ -1845,6 +2129,26 @@ async function invokeReviewer(params) {
     verdict = parseLastLineVerdict(fallbackText, params.reviewer, params.repoRoot);
     prose = stripLastLineVerdict(fallbackText);
   }
+  if (def.enforce_reads_on_dotstamp && verdict === "approved") {
+    const missing = findMissingDotstampReads(
+      params.base_sha,
+      params.head_sha,
+      params.repoRoot,
+      readPaths
+    );
+    if (missing.length > 0) {
+      const list = missing.map((p) => `  - ${p}`).join("\n");
+      verdict = "changes_requested";
+      prose = `verdict/trace inconsistency: this reviewer is configured with enforce_reads_on_dotstamp=true, the diff modifies the following \`.stamp/*\` paths, and none of them appeared in the reviewer's Read trace before approval:
+
+${list}
+
+Approving a change to stamp's own trust anchors without inspecting the diff defeats audit H1's defense-in-depth posture. Re-run the review and call \`Read('<path>')\` for each modified \`.stamp/*\` file before submitting an approved verdict.${prose ? `
+
+Original prose:
+${prose}` : ""}`;
+    }
+  }
   return {
     reviewer: params.reviewer,
     prose,
@@ -1853,6 +2157,23 @@ async function invokeReviewer(params) {
     retros: submittedRetros
   };
 }
+function findMissingDotstampReads(baseSha, headSha, repoRoot, readPaths) {
+  let raw;
+  try {
+    raw = runGit(
+      ["diff", "--name-only", "--diff-filter=AMR", `${baseSha}..${headSha}`],
+      repoRoot
+    );
+  } catch {
+    return [];
+  }
+  const modified = raw.split("\n").map((l) => l.trim()).filter((l) => l.length > 0 && l.startsWith(".stamp/"));
+  const missing = [];
+  for (const p of modified) {
+    if (!readPaths.has(p)) missing.push(p);
+  }
+  return missing.sort();
+}
 function resolveMcpServers(def, reviewerName) {
   if (!def.mcp_servers) return void 0;
   const operatorAllowlist = parseEnvAllowlist(
@@ -1992,13 +2313,13 @@ function sanitizeReviewerSlug(name) {
   return cleaned === "" ? "_" : cleaned;
 }
 function writeFailedParseSpool(repoRoot, reviewer, text) {
-  const dir = path.join(repoRoot, ".git", "stamp", "failed-parses");
-  mkdirSync(dir, { recursive: true, mode: 448 });
+  const dir = path.join(gitCommonDir(repoRoot), "stamp", "failed-parses");
+  mkdirSync2(dir, { recursive: true, mode: 448 });
   chmodSync(dir, 448);
   const slug = sanitizeReviewerSlug(reviewer);
   const filename = `${Date.now()}-${slug}.txt`;
   const filepath = path.join(dir, filename);
-  writeFileSync2(filepath, text, { flag: "wx", mode: 384 });
+  writeFileSync3(filepath, text, { flag: "wx", mode: 384 });
   chmodSync(filepath, 384);
   const lineCount = text === "" ? 0 : text.split("\n").length;
   return { path: filepath, lineCount };
@@ -2022,12 +2343,12 @@ function stripLastLineVerdict(text) {
 }
 
 // src/lib/llmNotice.ts
-import { existsSync as existsSync3, mkdirSync as mkdirSync2, writeFileSync as writeFileSync3 } from "fs";
-import { dirname } from "path";
+import { existsSync as existsSync4, mkdirSync as mkdirSync3, writeFileSync as writeFileSync4 } from "fs";
+import { dirname as dirname2 } from "path";
 function maybePrintLlmNotice(repoRoot) {
   if (process.env.STAMP_SUPPRESS_LLM_NOTICE === "1") return;
   const marker = stampLlmNoticeMarkerPath(repoRoot);
-  if (existsSync3(marker)) return;
+  if (existsSync4(marker)) return;
   process.stderr.write(
     `note: stamp review ships the diff to Anthropic via the Claude Agent SDK.
       See README "Data flow / privacy" for what's sent and how to opt out.
@@ -2036,8 +2357,8 @@ function maybePrintLlmNotice(repoRoot) {
 `
   );
   try {
-    mkdirSync2(dirname(marker), { recursive: true });
-    writeFileSync3(marker, `${(/* @__PURE__ */ new Date()).toISOString()}
+    mkdirSync3(dirname2(marker), { recursive: true });
+    writeFileSync4(marker, `${(/* @__PURE__ */ new Date()).toISOString()}
 `);
   } catch {
   }
@@ -2046,9 +2367,14 @@ function maybePrintLlmNotice(repoRoot) {
 // src/commands/review.ts
 var DEFAULT_DIFF_SIZE_CAP_BYTES = 200 * 1024;
 async function runReview(opts) {
+  if (process.env.STAMP_NO_LLM === "1") {
+    throw new Error(
+      `STAMP_NO_LLM=1 is set; refusing to start \`stamp review\` because it would invoke the Claude Agent SDK. With this env var on, stamp's LLM-using commands (review / reviewers test / bootstrap) are disabled \u2014 no diff content will leave the host. The signing, verification, and merge primitives (stamp keys / stamp merge / stamp verify / stamp log / the pre-receive hook) all continue to work. Unset STAMP_NO_LLM to re-enable.`
+    );
+  }
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  if (!existsSync4(configPath)) {
+  if (!existsSync5(configPath)) {
     throw new Error(
       `no .stamp/config.yml at ${configPath}. Run \`stamp init\` first.`
     );
@@ -2088,16 +2414,16 @@ async function runReview(opts) {
       `failed to read .stamp/config.yml at base ${resolved.base_sha.slice(0, 8)}: ${err instanceof Error ? err.message : String(err)}`
     );
   }
-  const config = parseConfigFromYaml(baseConfigYaml);
-  const reviewerNames = chooseReviewers(config, opts.only);
+  const config2 = parseConfigFromYaml(baseConfigYaml);
+  const reviewerNames = chooseReviewers(config2, opts.only);
   if (reviewerNames.length === 0) {
     throw new Error(
-      `no reviewers to run at base ${resolved.base_sha.slice(0, 8)} (config there has ${Object.keys(config.reviewers).length} configured). If this branch ADDS a new reviewer, the new reviewer cannot review its own introduction \u2014 that's a deliberate security boundary. Land the reviewer in a separate PR first, then it can review subsequent diffs.`
+      `no reviewers to run at base ${resolved.base_sha.slice(0, 8)} (config there has ${Object.keys(config2.reviewers).length} configured). If this branch ADDS a new reviewer, the new reviewer cannot review its own introduction \u2014 that's a deliberate security boundary. Land the reviewer in a separate PR first, then it can review subsequent diffs.`
     );
   }
   const promptBytesByReviewer = /* @__PURE__ */ new Map();
   for (const name of reviewerNames) {
-    const def = config.reviewers[name];
+    const def = config2.reviewers[name];
     let bytes;
     try {
       bytes = showAtRef(resolved.base_sha, def.prompt, repoRoot);
@@ -2109,6 +2435,16 @@ async function runReview(opts) {
     promptBytesByReviewer.set(name, bytes);
   }
   maybePrintLlmNotice(repoRoot);
+  const userCfg = loadOrCreateUserConfig();
+  if (userCfg.created) {
+    process.stderr.write(
+      `note: per-user reviewer-model config written to ${userCfg.path} (Sonnet defaults).
+      Inspect with \`stamp config reviewers show\`; pin a different model with
+      \`stamp config reviewers set <reviewer> <model-id>\`.
+
+`
+    );
+  }
   console.log(
     `running ${reviewerNames.length} reviewer${reviewerNames.length === 1 ? "" : "s"} in parallel: ${reviewerNames.join(", ")}`
   );
@@ -2125,7 +2461,7 @@ async function runReview(opts) {
       reviewerNames.map(
         (name) => invokeReviewer({
           reviewer: name,
-          config,
+          config: config2,
           repoRoot,
           diff: resolved.diff,
           base_sha: resolved.base_sha,
@@ -2160,16 +2496,16 @@ async function runReview(opts) {
     db.close();
   }
 }
-function chooseReviewers(config, only) {
+function chooseReviewers(config2, only) {
   if (only) {
-    if (!(only in config.reviewers)) {
+    if (!(only in config2.reviewers)) {
       throw new Error(
-        `reviewer "${only}" is not configured. Available: ${Object.keys(config.reviewers).join(", ") || "(none)"}`
+        `reviewer "${only}" is not configured. Available: ${Object.keys(config2.reviewers).join(", ") || "(none)"}`
       );
     }
     return [only];
   }
-  return Object.keys(config.reviewers);
+  return Object.keys(config2.reviewers);
 }
 function printReview(result, base_sha, head_sha) {
   const bar = "\u2500".repeat(72);
@@ -2211,9 +2547,14 @@ var STARTER_PROMPTS = {
 };
 var BOOTSTRAP_BRANCH = "stamp/bootstrap";
 async function runBootstrap(opts = {}) {
+  if (process.env.STAMP_NO_LLM === "1") {
+    throw new Error(
+      `STAMP_NO_LLM=1 is set; refusing to start \`stamp bootstrap\` because it invokes the Claude Agent SDK to install reviewers. With this env var on, stamp's LLM-using commands (review / reviewers test / bootstrap) are disabled \u2014 no diff content will leave the host. The signing, verification, and merge primitives (stamp keys / stamp merge / stamp verify / stamp log / the pre-receive hook) all continue to work. Unset STAMP_NO_LLM to re-enable.`
+    );
+  }
   const repoRoot = findRepoRoot();
   const configFile = stampConfigFile(repoRoot);
-  if (!existsSync5(configFile)) {
+  if (!existsSync6(configFile)) {
     throw new Error(
       `no .stamp/config.yml at ${configFile}. This command runs against an already-provisioned stamp repo (cloned from a stamp server with the placeholder seed). For a fresh local repo, run \`stamp init\` instead.`
     );
@@ -2412,45 +2753,45 @@ function buildPlan(current, targetBranch, targetRule, opts) {
   };
 }
 function readSeedDir(seedDir) {
-  if (!existsSync5(seedDir) || !statSync(seedDir).isDirectory()) {
+  if (!existsSync6(seedDir) || !statSync(seedDir).isDirectory()) {
     throw new Error(`--from path is not a directory: ${seedDir}`);
   }
   const configPath = join3(seedDir, "config.yml");
-  if (!existsSync5(configPath)) {
+  if (!existsSync6(configPath)) {
     throw new Error(`--from dir missing config.yml: ${configPath}`);
   }
   const reviewersDir = join3(seedDir, "reviewers");
-  if (!existsSync5(reviewersDir) || !statSync(reviewersDir).isDirectory()) {
+  if (!existsSync6(reviewersDir) || !statSync(reviewersDir).isDirectory()) {
     throw new Error(`--from dir missing reviewers/ subdirectory: ${reviewersDir}`);
   }
-  const yaml = readFileSync4(configPath, "utf8");
-  const config = parseConfigFromYaml(yaml);
+  const yaml = readFileSync5(configPath, "utf8");
+  const config2 = parseConfigFromYaml(yaml);
   const reviewerFiles = /* @__PURE__ */ new Map();
   for (const entry of readdirSync(reviewersDir)) {
     const full = join3(reviewersDir, entry);
     if (statSync(full).isFile()) {
-      reviewerFiles.set(`.stamp/reviewers/${entry}`, readFileSync4(full, "utf8"));
+      reviewerFiles.set(`.stamp/reviewers/${entry}`, readFileSync5(full, "utf8"));
     }
   }
   let mirrorYml;
   const mirrorPath = join3(seedDir, "mirror.yml");
-  if (existsSync5(mirrorPath)) {
-    mirrorYml = readFileSync4(mirrorPath, "utf8");
+  if (existsSync6(mirrorPath)) {
+    mirrorYml = readFileSync5(mirrorPath, "utf8");
   }
-  return { config, reviewerFiles, mirrorYml };
+  return { config: config2, reviewerFiles, mirrorYml };
 }
 function writeBootstrapFiles(repoRoot, plan) {
   ensureDir(stampConfigDir(repoRoot));
   ensureDir(stampReviewersDir(repoRoot));
   for (const { path: path2, content } of plan.reviewerFiles.values()) {
     const full = join3(repoRoot, path2);
-    ensureDir(dirname2(full));
-    writeFileSync4(full, content);
+    ensureDir(dirname3(full));
+    writeFileSync5(full, content);
   }
   if (plan.mirrorYml !== void 0) {
-    writeFileSync4(join3(repoRoot, ".stamp/mirror.yml"), plan.mirrorYml);
+    writeFileSync5(join3(repoRoot, ".stamp/mirror.yml"), plan.mirrorYml);
   }
-  writeFileSync4(stampConfigFile(repoRoot), stringifyConfig(plan.newConfig));
+  writeFileSync5(stampConfigFile(repoRoot), stringifyConfig(plan.newConfig));
 }
 function printPlan(plan, opts) {
   const bar = "\u2500".repeat(72);
@@ -2491,7 +2832,7 @@ function branchExists(name, cwd) {
 }
 
 // src/commands/init.ts
-import { existsSync as existsSync6, writeFileSync as writeFileSync5 } from "fs";
+import { existsSync as existsSync7, writeFileSync as writeFileSync6 } from "fs";
 import { join as join4 } from "path";
 
 // src/lib/ghRuleset.ts
@@ -2663,40 +3004,41 @@ That command handles the bare-repo creation, clone, bootstrap merge, GitHub mirr
 For local-only / advisory use against this GitHub repo: re-run with \`stamp init --mode local-only\`. That mode is honest about the lack of server-side enforcement (signed merges still work, but \`git push origin main\` will not be rejected by the remote).`
     );
   }
-  const alreadyHasConfig = existsSync6(configFile);
+  const alreadyHasConfig = existsSync7(configFile);
   ensureDir(configDir);
   ensureDir(reviewersDir);
   ensureDir(trustedKeysDir);
   if (!alreadyHasConfig) {
     if (opts.minimal) {
-      writeFileSync5(configFile, stringifyConfig(MINIMAL_CONFIG));
-      writeFileSync5(join4(reviewersDir, "example.md"), EXAMPLE_REVIEWER_PROMPT);
+      writeFileSync6(configFile, stringifyConfig(MINIMAL_CONFIG));
+      writeFileSync6(join4(reviewersDir, "example.md"), EXAMPLE_REVIEWER_PROMPT);
     } else {
-      writeFileSync5(configFile, stringifyConfig(DEFAULT_CONFIG));
-      writeFileSync5(
+      writeFileSync6(configFile, stringifyConfig(DEFAULT_CONFIG));
+      writeFileSync6(
         join4(reviewersDir, "security.md"),
         DEFAULT_SECURITY_PROMPT
       );
-      writeFileSync5(
+      writeFileSync6(
         join4(reviewersDir, "standards.md"),
         DEFAULT_STANDARDS_PROMPT
       );
-      writeFileSync5(
+      writeFileSync6(
         join4(reviewersDir, "product.md"),
         DEFAULT_PRODUCT_PROMPT
       );
     }
   }
   const { keypair, created: keyCreated } = ensureUserKeypair();
+  const userCfg = loadOrCreateUserConfig();
   const pubKeyPath = join4(
     trustedKeysDir,
     publicKeyFingerprintFilename(keypair.fingerprint)
   );
-  const keyDeposited = !existsSync6(pubKeyPath);
+  const keyDeposited = !existsSync7(pubKeyPath);
   if (keyDeposited) {
-    writeFileSync5(pubKeyPath, keypair.publicKeyPem);
+    writeFileSync6(pubKeyPath, keypair.publicKeyPem);
   }
-  const dbExisted = existsSync6(stateDbPath);
+  const dbExisted = existsSync7(stateDbPath);
   const db = openDb(stateDbPath);
   db.close();
   const agentsMdAction = opts.agentsMd === false ? "skipped" : ensureAgentsMd(repoRoot, effectiveMode);
@@ -2729,6 +3071,9 @@ For local-only / advisory use against this GitHub repo: re-run with \`stamp init
       `  CLAUDE.md:   ${claudeMdAction} at repo root (auto-loaded by Claude Code)`
     );
   }
+  console.log(
+    `  models:      ${userCfg.path}${userCfg.created ? " (created \u2014 Sonnet defaults; tweak with `stamp config reviewers set <name> <model-id>`)" : " (existing)"}`
+  );
   console.log();
   if (opts.bootstrapCommit !== false) {
     printBootstrapCommitResult(runBootstrapCommit(repoRoot, scaffoldOrSync));
@@ -2823,8 +3168,8 @@ function runBootstrapCommit(repoRoot, scaffoldOrSync) {
     return { kind: "skipped-already-tracked" };
   }
   const toAdd = [".stamp"];
-  if (existsSync6(join4(repoRoot, "AGENTS.md"))) toAdd.push("AGENTS.md");
-  if (existsSync6(join4(repoRoot, "CLAUDE.md"))) toAdd.push("CLAUDE.md");
+  if (existsSync7(join4(repoRoot, "AGENTS.md"))) toAdd.push("AGENTS.md");
+  if (existsSync7(join4(repoRoot, "CLAUDE.md"))) toAdd.push("CLAUDE.md");
   runGit(["add", ...toAdd], repoRoot);
   let hasStagedChanges = false;
   try {
@@ -2993,13 +3338,13 @@ function resolveMode(userMode, remoteClass) {
 
 // src/commands/provision.ts
 import { spawnSync as spawnSync4 } from "child_process";
-import { existsSync as existsSync8, mkdtempSync, rmSync, writeFileSync as writeFileSync6 } from "fs";
+import { existsSync as existsSync9, mkdtempSync, rmSync, writeFileSync as writeFileSync7 } from "fs";
 import { tmpdir } from "os";
 import { join as join5, resolve as resolvePath } from "path";
 
 // src/lib/serverConfig.ts
-import { existsSync as existsSync7, readFileSync as readFileSync5 } from "fs";
-import { parse as parseYaml3 } from "yaml";
+import { existsSync as existsSync8, readFileSync as readFileSync6 } from "fs";
+import { parse as parseYaml4 } from "yaml";
 var DEFAULT_USER = "git";
 var DEFAULT_REPO_ROOT = "/srv/git";
 var USER_RE = /^[A-Za-z0-9_][A-Za-z0-9._-]*$/;
@@ -3025,10 +3370,10 @@ function validateField(field, value, contextPath) {
 }
 function loadServerConfig() {
   const path2 = userServerConfigPath();
-  if (!existsSync7(path2)) return null;
+  if (!existsSync8(path2)) return null;
   let raw;
   try {
-    raw = readFileSync5(path2, "utf8");
+    raw = readFileSync6(path2, "utf8");
   } catch (err) {
     throw new Error(
       `failed to read ${path2}: ${err instanceof Error ? err.message : String(err)}`
@@ -3037,7 +3382,7 @@ function loadServerConfig() {
   return parseServerConfig(raw, path2);
 }
 function parseServerConfig(raw, contextPath = "<inline>") {
-  const parsed = parseYaml3(raw);
+  const parsed = parseYaml4(raw);
   if (!parsed || typeof parsed !== "object") {
     throw new Error(`${contextPath}: must be a YAML mapping with at least 'host' and 'port'`);
   }
@@ -3108,7 +3453,7 @@ See docs/quickstart-server.md for how to deploy a stamp server first.`
     return;
   }
   const cloneTarget = resolvePath(opts.into ?? opts.name);
-  if (existsSync8(cloneTarget)) {
+  if (existsSync9(cloneTarget)) {
     throw new Error(
       `clone destination already exists: ${cloneTarget}. Move or remove it, or pass --into <other-path>.`
     );
@@ -3228,7 +3573,7 @@ function writeMirrorYml(cloneTarget, mirror) {
   #   - "v*"
 `;
   const path2 = `${cloneTarget}/.stamp/mirror.yml`;
-  writeFileSync6(path2, yml);
+  writeFileSync7(path2, yml);
   console.log(`Wrote mirror.yml \u2192 .stamp/mirror.yml (${mirror.owner}/${mirror.repo})`);
 }
 function applyMirrorRuleset(mirror) {
@@ -3351,7 +3696,7 @@ function ensureCwdIsGitRepo(cwd) {
   }
 }
 function ensureStampInitDone(cwd) {
-  if (!existsSync8(join5(cwd, ".stamp", "config.yml"))) {
+  if (!existsSync9(join5(cwd, ".stamp", "config.yml"))) {
     throw new Error(
       `--migrate-existing expects this repo to already be stamp-init'd (${join5(cwd, ".stamp/config.yml")} not found). Run \`stamp init --mode local-only\` first, calibrate your reviewers, then re-run with --migrate-existing.`
     );
@@ -3665,7 +4010,7 @@ function prompt(question) {
 }
 
 // src/commands/keys.ts
-import { existsSync as existsSync9, readdirSync as readdirSync2, readFileSync as readFileSync6, writeFileSync as writeFileSync7 } from "fs";
+import { existsSync as existsSync10, readdirSync as readdirSync2, readFileSync as readFileSync7, writeFileSync as writeFileSync8 } from "fs";
 import { basename, join as join6 } from "path";
 function keysGenerate() {
   const existing = loadUserKeypair();
@@ -3699,7 +4044,7 @@ function keysList() {
     const repoRoot = findRepoRoot();
     const trustedDir = stampTrustedKeysDir(repoRoot);
     console.log(`repo trusted keys: ${trustedDir}/`);
-    if (!existsSync9(trustedDir)) {
+    if (!existsSync10(trustedDir)) {
       console.log("  (directory does not exist \u2014 run `stamp init`)");
       return;
     }
@@ -3710,7 +4055,7 @@ function keysList() {
     }
     for (const file of pubFiles.sort()) {
       try {
-        const pem = readFileSync6(join6(trustedDir, file), "utf8");
+        const pem = readFileSync7(join6(trustedDir, file), "utf8");
         const fp = fingerprintFromPem(pem);
         const marker = local && fp === local.fingerprint ? " (you)" : "";
         console.log(`  ${fp}${marker}  [${file}]`);
@@ -3729,15 +4074,15 @@ function keysExport() {
 function keysTrust(pubFile) {
   const repoRoot = findRepoRoot();
   const trustedDir = stampTrustedKeysDir(repoRoot);
-  if (!existsSync9(trustedDir)) {
+  if (!existsSync10(trustedDir)) {
     throw new Error(
       `no ${trustedDir} \u2014 run \`stamp init\` first to create the trust store`
     );
   }
-  if (!existsSync9(pubFile)) {
+  if (!existsSync10(pubFile)) {
     throw new Error(`public key file not found: ${pubFile}`);
   }
-  const pem = readFileSync6(pubFile, "utf8");
+  const pem = readFileSync7(pubFile, "utf8");
   let fingerprint;
   try {
     fingerprint = fingerprintFromPem(pem);
@@ -3748,11 +4093,11 @@ function keysTrust(pubFile) {
   }
   const filename = publicKeyFingerprintFilename(fingerprint);
   const dest = join6(trustedDir, filename);
-  if (existsSync9(dest)) {
+  if (existsSync10(dest)) {
     console.log(`${fingerprint} is already trusted (${basename(dest)})`);
     return;
   }
-  writeFileSync7(dest, pem);
+  writeFileSync8(dest, pem);
   console.log(`trusted ${fingerprint}`);
   console.log(`  \u2192 ${dest}`);
   console.log();
@@ -3760,11 +4105,11 @@ function keysTrust(pubFile) {
 }
 
 // src/commands/log.ts
-import { existsSync as existsSync10 } from "fs";
+import { existsSync as existsSync11 } from "fs";
 function runLog(opts) {
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  if (!existsSync10(configPath)) {
+  if (!existsSync11(configPath)) {
     throw new Error(
       `no .stamp/config.yml at ${configPath}. Run \`stamp init\` first.`
     );
@@ -3881,7 +4226,7 @@ function printCommitDetail(sha, repoRoot) {
 }
 function collectReviewProse(repoRoot, payload) {
   const dbPath = stampStateDbPath(repoRoot);
-  if (!existsSync10(dbPath)) return [];
+  if (!existsSync11(dbPath)) return [];
   const db = openDb(dbPath);
   try {
     const rows = latestReviews(db, payload.base_sha, payload.head_sha);
@@ -3895,7 +4240,7 @@ function printReviewHistory(repoRoot, limit, diff) {
   const configPath = stampConfigFile(repoRoot);
   loadConfig(configPath);
   const dbPath = stampStateDbPath(repoRoot);
-  if (!existsSync10(dbPath)) {
+  if (!existsSync11(dbPath)) {
     console.log("No reviews recorded yet.");
     return;
   }
@@ -3936,7 +4281,8 @@ function printReviewHistory(repoRoot, limit, diff) {
 }
 
 // src/commands/prune.ts
-import { existsSync as existsSync11, statSync as statSync2 } from "fs";
+import { existsSync as existsSync12, readdirSync as readdirSync3, statSync as statSync2, unlinkSync as unlinkSync2 } from "fs";
+import { join as join7 } from "path";
 
 // src/lib/duration.ts
 function parseRetentionDuration(input) {
@@ -3949,53 +4295,116 @@ function parseRetentionDuration(input) {
   const n = match[1];
   const unit = match[2];
   const unitWord = unit === "d" ? "days" : unit === "h" ? "hours" : "minutes";
+  const nNum = Number(n);
+  const msPerUnit = unit === "d" ? 864e5 : unit === "h" ? 36e5 : 6e4;
   return {
     sqliteModifier: `-${n} ${unitWord}`,
-    humanLabel: `${n}${unit}`
+    humanLabel: `${n}${unit}`,
+    durationMs: nNum * msPerUnit
   };
 }
 
 // src/commands/prune.ts
 function runPrune(opts) {
-  const { sqliteModifier, humanLabel } = parseRetentionDuration(opts.olderThan);
+  const { sqliteModifier, humanLabel, durationMs } = parseRetentionDuration(
+    opts.olderThan
+  );
   const repoRoot = findRepoRoot();
   const dbPath = stampStateDbPath(repoRoot);
-  if (!existsSync11(dbPath)) {
+  const spoolDir = join7(gitCommonDir(repoRoot), "stamp", "failed-parses");
+  const spoolCutoffMs = Date.now() - durationMs;
+  if (!existsSync12(dbPath) && !existsSync12(spoolDir)) {
     console.log(
-      `note: ${dbPath} does not exist; nothing to prune (state.db is created on first \`stamp review\`)`
+      `note: nothing to prune (neither ${dbPath} nor ${spoolDir} exists \u2014 both are created on first \`stamp review\`)`
     );
     return;
   }
-  const sizeBefore = statSync2(dbPath).size;
-  const db = openDb(dbPath);
+  const db = existsSync12(dbPath) ? openDb(dbPath) : null;
   try {
     if (opts.dryRun) {
-      const peek = peekPrunable(db, sqliteModifier);
-      if (peek.total === 0) {
-        console.log(`note: nothing to prune (no rows older than ${humanLabel})`);
-        return;
+      let any2 = false;
+      if (db) {
+        const peek = peekPrunable(db, sqliteModifier);
+        if (peek.total > 0) {
+          console.log(
+            `would prune ${peek.total} review row${peek.total === 1 ? "" : "s"} older than ${humanLabel} (${peek.perReviewer.length} reviewer${peek.perReviewer.length === 1 ? "" : "s"} affected):`
+          );
+          printPerReviewer(peek.perReviewer);
+          any2 = true;
+        }
       }
+      const spoolPeek = peekFailedParseSpools(spoolDir, spoolCutoffMs);
+      if (spoolPeek.length > 0) {
+        if (any2) console.log("");
+        console.log(
+          `would prune ${spoolPeek.length} failed-parse spool file${spoolPeek.length === 1 ? "" : "s"} older than ${humanLabel}:`
+        );
+        for (const f of spoolPeek) console.log(`  ${f}`);
+        any2 = true;
+      }
+      if (!any2) {
+        console.log(`note: nothing to prune (no rows or spools older than ${humanLabel})`);
+      } else {
+        console.log("\n(dry run \u2014 no changes made)");
+      }
+      return;
+    }
+    let any = false;
+    if (db) {
+      const sizeBefore = statSync2(dbPath).size;
+      const result = pruneReviews(db, sqliteModifier);
+      if (result.total > 0) {
+        db.exec("VACUUM");
+        const sizeAfter = statSync2(dbPath).size;
+        console.log(
+          `${result.total} review row${result.total === 1 ? "" : "s"} pruned (${result.perReviewer.length} reviewer${result.perReviewer.length === 1 ? "" : "s"} affected); db size ${sizeBefore} \u2192 ${sizeAfter} bytes`
+        );
+        printPerReviewer(result.perReviewer);
+        any = true;
+      }
+    }
+    const spoolDeleted = pruneFailedParseSpools(spoolDir, spoolCutoffMs);
+    if (spoolDeleted > 0) {
+      if (any) console.log("");
       console.log(
-        `would prune ${peek.total} row${peek.total === 1 ? "" : "s"} older than ${humanLabel} (${peek.perReviewer.length} reviewer${peek.perReviewer.length === 1 ? "" : "s"} affected):`
+        `${spoolDeleted} failed-parse spool file${spoolDeleted === 1 ? "" : "s"} pruned`
       );
-      printPerReviewer(peek.perReviewer);
-      console.log("\n(dry run \u2014 no changes made)");
-      return;
+      any = true;
     }
-    const result = pruneReviews(db, sqliteModifier);
-    if (result.total === 0) {
-      console.log(`note: nothing to prune (no rows older than ${humanLabel})`);
-      return;
+    if (!any) {
+      console.log(`note: nothing to prune (no rows or spools older than ${humanLabel})`);
     }
-    db.exec("VACUUM");
-    const sizeAfter = statSync2(dbPath).size;
-    console.log(
-      `${result.total} row${result.total === 1 ? "" : "s"} pruned (${result.perReviewer.length} reviewer${result.perReviewer.length === 1 ? "" : "s"} affected); db size ${sizeBefore} \u2192 ${sizeAfter} bytes`
-    );
-    printPerReviewer(result.perReviewer);
   } finally {
-    db.close();
+    db?.close();
+  }
+}
+function peekFailedParseSpools(spoolDir, cutoffMs) {
+  if (!existsSync12(spoolDir)) return [];
+  const out = [];
+  for (const entry of readdirSync3(spoolDir)) {
+    const filepath = join7(spoolDir, entry);
+    let stat;
+    try {
+      stat = statSync2(filepath);
+    } catch {
+      continue;
+    }
+    if (!stat.isFile()) continue;
+    if (stat.mtimeMs < cutoffMs) out.push(filepath);
   }
+  return out.sort();
+}
+function pruneFailedParseSpools(spoolDir, cutoffMs) {
+  const targets = peekFailedParseSpools(spoolDir, cutoffMs);
+  let deleted = 0;
+  for (const filepath of targets) {
+    try {
+      unlinkSync2(filepath);
+      deleted++;
+    } catch {
+    }
+  }
+  return deleted;
 }
 function printPerReviewer(rows) {
   const maxNameLen = Math.max(16, ...rows.map((r) => r.reviewer.length));
@@ -4007,9 +4416,9 @@ function printPerReviewer(rows) {
 }
 
 // src/commands/server.ts
-import { existsSync as existsSync12, mkdirSync as mkdirSync3, renameSync, unlinkSync, writeFileSync as writeFileSync8 } from "fs";
-import { dirname as dirname3 } from "path";
-import { stringify as stringifyYaml } from "yaml";
+import { existsSync as existsSync13, mkdirSync as mkdirSync4, renameSync as renameSync2, unlinkSync as unlinkSync3, writeFileSync as writeFileSync9 } from "fs";
+import { dirname as dirname4 } from "path";
+import { stringify as stringifyYaml2 } from "yaml";
 function formatServerConfigYaml(opts) {
   const body = {
     host: opts.host,
@@ -4019,7 +4428,7 @@ function formatServerConfigYaml(opts) {
   if (opts.repoRootPrefix && opts.repoRootPrefix.trim()) {
     body.repo_root_prefix = opts.repoRootPrefix.trim();
   }
-  return stringifyYaml(body);
+  return stringifyYaml2(body);
 }
 function runServerConfig(opts) {
   const modes = [opts.hostPort, opts.show, opts.unset].filter(Boolean).length;
@@ -4039,7 +4448,7 @@ function runServerConfig(opts) {
 }
 function showConfig() {
   const path2 = userServerConfigPath();
-  if (!existsSync12(path2)) {
+  if (!existsSync13(path2)) {
     console.log(`note: no stamp server configured (${path2} does not exist)`);
     console.log(`note: run \`stamp server config <host:port>\` to create one`);
     return;
@@ -4057,11 +4466,11 @@ function showConfig() {
 }
 function unsetConfig() {
   const path2 = userServerConfigPath();
-  if (!existsSync12(path2)) {
+  if (!existsSync13(path2)) {
     console.log(`note: ${path2} does not exist; nothing to remove`);
     return;
   }
-  unlinkSync(path2);
+  unlinkSync3(path2);
   console.log(`removed ${path2}`);
 }
 function writeConfig(opts) {
@@ -4078,11 +4487,11 @@ function writeConfig(opts) {
     repoRootPrefix: opts.repoRootPrefix
   });
   const path2 = userServerConfigPath();
-  const dir = dirname3(path2);
-  if (!existsSync12(dir)) mkdirSync3(dir, { recursive: true, mode: 448 });
+  const dir = dirname4(path2);
+  if (!existsSync13(dir)) mkdirSync4(dir, { recursive: true, mode: 448 });
   const tmp = `${path2}.tmp.${process.pid}`;
-  writeFileSync8(tmp, yaml, { mode: 384 });
-  renameSync(tmp, path2);
+  writeFileSync9(tmp, yaml, { mode: 384 });
+  renameSync2(tmp, path2);
   console.log(`wrote ${path2}`);
   console.log(`host:             ${parsed.host}`);
   console.log(`port:             ${parsed.port}`);
@@ -4094,31 +4503,149 @@ function writeConfig(opts) {
   }
 }
 
+// src/commands/config.ts
+import { existsSync as existsSync14 } from "fs";
+function runConfigReviewersSet(opts) {
+  if (!isValidReviewerName(opts.reviewer)) {
+    throw new UsageError(
+      `invalid reviewer name '${opts.reviewer}'. Names must be alphanumerics + '_' / '-', max 64 chars, no leading hyphen \u2014 same shape as \`stamp reviewers add\` accepts.`
+    );
+  }
+  const id = opts.modelId.trim();
+  if (id === "") {
+    throw new UsageError(
+      `model id is required and must be a non-empty string (e.g. 'claude-sonnet-4-6' or 'claude-opus-4-7')`
+    );
+  }
+  if (!isValidModelId(id)) {
+    throw new UsageError(
+      `model id '${opts.modelId}' has an invalid shape \u2014 expected a token like 'claude-sonnet-4-6' or 'claude-opus-4-7'. The agent SDK treats this as an opaque string, so a typo here will fail at API-call time rather than at config-write \u2014 but stamp rejects shapes with whitespace or control chars.`
+    );
+  }
+  const existing = loadOrEmpty();
+  const prior = existing.reviewers[opts.reviewer];
+  const next = {
+    reviewers: { ...existing.reviewers, [opts.reviewer]: id }
+  };
+  const path2 = writeUserConfig(next);
+  if (prior === id) {
+    console.log(`reviewers.${opts.reviewer} = ${id} (unchanged)`);
+  } else if (prior) {
+    console.log(`reviewers.${opts.reviewer}: ${prior} -> ${id}`);
+  } else {
+    console.log(`reviewers.${opts.reviewer} = ${id} (new)`);
+  }
+  console.log(`wrote ${path2}`);
+}
+function runConfigReviewersClear(opts) {
+  if (opts.all && opts.reviewer) {
+    throw new UsageError(
+      `\`stamp config reviewers clear\`: pass either <reviewer> or --all, not both`
+    );
+  }
+  if (!opts.all && !opts.reviewer) {
+    throw new UsageError(
+      `\`stamp config reviewers clear\`: pass <reviewer> to clear one entry or --all to remove the whole config`
+    );
+  }
+  if (opts.all) {
+    const removed = deleteUserConfig();
+    const path3 = userConfigPath();
+    if (removed) {
+      console.log(`removed ${path3}`);
+    } else {
+      console.log(`note: ${path3} does not exist; nothing to remove`);
+    }
+    return;
+  }
+  const reviewer = opts.reviewer;
+  if (!isValidReviewerName(reviewer)) {
+    throw new UsageError(
+      `invalid reviewer name '${reviewer}'. Names must be alphanumerics + '_' / '-', max 64 chars, no leading hyphen \u2014 same shape as \`stamp reviewers add\` accepts.`
+    );
+  }
+  const existing = loadOrEmpty();
+  if (!(reviewer in existing.reviewers)) {
+    console.log(`note: reviewers.${reviewer} is not set; nothing to clear`);
+    return;
+  }
+  const next = { reviewers: { ...existing.reviewers } };
+  delete next.reviewers[reviewer];
+  const path2 = writeUserConfig(next);
+  console.log(`cleared reviewers.${reviewer}`);
+  console.log(`wrote ${path2}`);
+}
+function runConfigReviewersShow() {
+  const path2 = userConfigPath();
+  if (!existsSync14(path2)) {
+    console.log(`note: no per-user stamp config (${path2} does not exist).`);
+    console.log(
+      `      Defaults will apply on next \`stamp init\` or \`stamp review\`:`
+    );
+    for (const [name, id] of Object.entries(DEFAULT_REVIEWER_MODELS)) {
+      console.log(`        ${name}: ${id}  (default)`);
+    }
+    console.log(
+      `      Pin a different model: \`stamp config reviewers set <reviewer> <model-id>\``
+    );
+    return;
+  }
+  const cfg = loadUserConfig() ?? { reviewers: {} };
+  console.log(`config: ${path2}`);
+  const names = Object.keys(cfg.reviewers).sort();
+  if (names.length === 0) {
+    console.log(`(no reviewer overrides; SDK default model in use for every reviewer)`);
+    console.log(
+      `Pin one with: \`stamp config reviewers set <reviewer> <model-id>\``
+    );
+    return;
+  }
+  console.log(`reviewers:`);
+  const maxNameLen = Math.max(...names.map((n) => n.length));
+  for (const name of names) {
+    const id = cfg.reviewers[name];
+    const tag = DEFAULT_REVIEWER_MODELS[name] === id ? "  (matches default)" : DEFAULT_REVIEWER_MODELS[name] ? `  (default: ${DEFAULT_REVIEWER_MODELS[name]})` : "";
+    console.log(`  ${name.padEnd(maxNameLen)}  ${id}${tag}`);
+  }
+  const unpinned = Object.keys(DEFAULT_REVIEWER_MODELS).filter(
+    (n) => !(n in cfg.reviewers)
+  );
+  if (unpinned.length > 0) {
+    console.log(`unpinned (will use default at review time):`);
+    for (const name of unpinned) {
+      console.log(`  ${name.padEnd(maxNameLen)}  ${DEFAULT_REVIEWER_MODELS[name]}  (default)`);
+    }
+  }
+}
+function loadOrEmpty() {
+  return loadUserConfig() ?? { reviewers: {} };
+}
+
 // src/commands/reviewers.ts
 import { spawnSync as spawnSync6 } from "child_process";
 import {
-  existsSync as existsSync14,
-  readFileSync as readFileSync8,
+  existsSync as existsSync16,
+  readFileSync as readFileSync9,
   statSync as statSync3,
-  unlinkSync as unlinkSync2,
-  writeFileSync as writeFileSync10
+  unlinkSync as unlinkSync4,
+  writeFileSync as writeFileSync11
 } from "fs";
-import { join as join8, relative, resolve } from "path";
-import { parse as parseYaml4, stringify as stringifyYaml2 } from "yaml";
+import { join as join9, relative, resolve } from "path";
+import { parse as parseYaml5, stringify as stringifyYaml3 } from "yaml";
 
 // src/lib/reviewerLock.ts
-import { existsSync as existsSync13, readFileSync as readFileSync7, writeFileSync as writeFileSync9 } from "fs";
-import { join as join7 } from "path";
+import { existsSync as existsSync15, readFileSync as readFileSync8, writeFileSync as writeFileSync10 } from "fs";
+import { join as join8 } from "path";
 var LOCK_FILE_VERSION = 1;
 var LOCK_DRIFT_EXIT = 3;
 function lockFilePath(repoRoot, reviewerName) {
-  return join7(repoRoot, ".stamp", "reviewers", `${reviewerName}.lock.json`);
+  return join8(repoRoot, ".stamp", "reviewers", `${reviewerName}.lock.json`);
 }
 function readLockFile(repoRoot, reviewerName) {
   const path2 = lockFilePath(repoRoot, reviewerName);
-  if (!existsSync13(path2)) return null;
+  if (!existsSync15(path2)) return null;
   try {
-    const raw = readFileSync7(path2, "utf8");
+    const raw = readFileSync8(path2, "utf8");
     const parsed = JSON.parse(raw);
     if (typeof parsed.version !== "number" || typeof parsed.source !== "string" || typeof parsed.ref !== "string" || typeof parsed.reviewer !== "string" || typeof parsed.prompt_sha256 !== "string" || typeof parsed.tools_sha256 !== "string" || typeof parsed.mcp_sha256 !== "string") {
       throw new Error(`malformed lock file at ${path2}`);
@@ -4132,20 +4659,20 @@ function readLockFile(repoRoot, reviewerName) {
 }
 function writeLockFile(repoRoot, reviewerName, lock) {
   const path2 = lockFilePath(repoRoot, reviewerName);
-  writeFileSync9(path2, JSON.stringify(lock, null, 2) + "\n", "utf8");
+  writeFileSync10(path2, JSON.stringify(lock, null, 2) + "\n", "utf8");
 }
 function checkReviewerDrift(repoRoot, reviewerName, def) {
   const lock = readLockFile(repoRoot, reviewerName);
   if (!lock) {
     return unpinnedResult();
   }
-  const promptPath = join7(repoRoot, def.prompt);
-  if (!existsSync13(promptPath)) {
+  const promptPath = join8(repoRoot, def.prompt);
+  if (!existsSync15(promptPath)) {
     throw new Error(
       `reviewer "${reviewerName}" has a lock file but its prompt "${def.prompt}" does not exist on disk. Re-run 'stamp reviewers fetch ${reviewerName} --from ${lock.source}@${lock.ref}' to restore it, or delete the lock file to un-pin the reviewer.`
     );
   }
-  const promptBytes = readFileSync7(promptPath);
+  const promptBytes = readFileSync8(promptPath);
   const observedPrompt = hashPromptBytes(promptBytes);
   const observedTools = hashTools(def.tools);
   const observedMcp = hashMcpServers(def.mcp_servers);
@@ -4211,8 +4738,8 @@ function requireValidReviewerName(name) {
 }
 function reviewersList() {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  const names = Object.keys(config.reviewers);
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  const names = Object.keys(config2.reviewers);
   if (names.length === 0) {
     console.log("No reviewers configured in .stamp/config.yml.");
     return;
@@ -4223,10 +4750,10 @@ function reviewersList() {
   console.log(bar);
   const maxNameLen = Math.max(...names.map((n) => n.length));
   for (const name of names) {
-    const def = config.reviewers[name];
+    const def = config2.reviewers[name];
     const abs = resolve(repoRoot, def.prompt);
     let annotation = "";
-    if (!existsSync14(abs)) {
+    if (!existsSync16(abs)) {
       annotation = "  MISSING";
     } else {
       const size = statSync3(abs).size;
@@ -4236,15 +4763,15 @@ function reviewersList() {
   }
   console.log(bar);
   console.log("branch rules:");
-  for (const [branch, rule] of Object.entries(config.branches)) {
+  for (const [branch, rule] of Object.entries(config2.branches)) {
     console.log(`  ${branch}  required: [${rule.required.join(", ")}]`);
   }
   console.log(bar);
 }
 function reviewersEdit(name) {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  const def = config.reviewers[name];
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  const def = config2.reviewers[name];
   if (!def) {
     throw new Error(
       `reviewer "${name}" is not configured. Run \`stamp reviewers list\` to see available reviewers.`
@@ -4257,27 +4784,27 @@ function reviewersAdd(name, opts = {}) {
   requireValidReviewerName(name);
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  const config = loadConfig(configPath);
-  if (config.reviewers[name]) {
+  const config2 = loadConfig(configPath);
+  if (config2.reviewers[name]) {
     throw new Error(
       `reviewer "${name}" already exists. Use \`stamp reviewers edit ${name}\` to change its prompt.`
     );
   }
   const promptRel = `.stamp/reviewers/${name}.md`;
   const promptAbs = resolve(repoRoot, promptRel);
-  if (existsSync14(promptAbs)) {
+  if (existsSync16(promptAbs)) {
     throw new Error(
       `${promptRel} already exists on disk but is not in config. Either delete the file or add it to config manually.`
     );
   }
-  writeFileSync10(
+  writeFileSync11(
     promptAbs,
     `# ${name}
 
 ${EXAMPLE_REVIEWER_PROMPT.split("\n").slice(2).join("\n")}`
   );
-  config.reviewers[name] = { prompt: promptRel };
-  writeFileSync10(configPath, stringifyConfig(config));
+  config2.reviewers[name] = { prompt: promptRel };
+  writeFileSync11(configPath, stringifyConfig(config2));
   console.log(`reviewer "${name}" added.`);
   console.log(`  prompt file: ${promptRel}`);
   console.log(`  registered in .stamp/config.yml`);
@@ -4295,15 +4822,15 @@ Opening ${promptRel} in $EDITOR...`);
 function reviewersRemove(name, opts = {}) {
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  const config = loadConfig(configPath);
-  const def = config.reviewers[name];
+  const config2 = loadConfig(configPath);
+  const def = config2.reviewers[name];
   if (!def) {
     throw new Error(
       `reviewer "${name}" is not configured. Nothing to remove.`
     );
   }
   const referencedBy = [];
-  for (const [branch, rule] of Object.entries(config.branches)) {
+  for (const [branch, rule] of Object.entries(config2.branches)) {
     if (rule.required.includes(name)) referencedBy.push(branch);
   }
   if (referencedBy.length > 0) {
@@ -4311,13 +4838,13 @@ function reviewersRemove(name, opts = {}) {
       `reviewer "${name}" is required by branch(es): ${referencedBy.join(", ")}. Remove it from those branches' \`required\` list in .stamp/config.yml before removing.`
     );
   }
-  delete config.reviewers[name];
-  writeFileSync10(configPath, stringifyConfig(config));
+  delete config2.reviewers[name];
+  writeFileSync11(configPath, stringifyConfig(config2));
   console.log(`reviewer "${name}" removed from .stamp/config.yml`);
   if (opts.deleteFile) {
     const promptAbs = resolve(repoRoot, def.prompt);
-    if (existsSync14(promptAbs)) {
-      unlinkSync2(promptAbs);
+    if (existsSync16(promptAbs)) {
+      unlinkSync4(promptAbs);
       console.log(`deleted ${def.prompt}`);
     }
   } else {
@@ -4328,8 +4855,8 @@ function reviewersRemove(name, opts = {}) {
 }
 async function reviewersTest(name, diff) {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  if (!config.reviewers[name]) {
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  if (!config2.reviewers[name]) {
     throw new Error(
       `reviewer "${name}" is not configured. Run \`stamp reviewers list\`.`
     );
@@ -4346,12 +4873,12 @@ async function reviewersTest(name, diff) {
   );
   console.log(`  prompt sourced from working tree (test/iteration use case)`);
   console.log();
-  const def = config.reviewers[name];
-  const promptPath = join8(repoRoot, def.prompt);
-  const systemPrompt = readFileSync8(promptPath, "utf8");
+  const def = config2.reviewers[name];
+  const promptPath = join9(repoRoot, def.prompt);
+  const systemPrompt = readFileSync9(promptPath, "utf8");
   const result = await invokeReviewer({
     reviewer: name,
-    config,
+    config: config2,
     repoRoot,
     diff: resolved.diff,
     base_sha: resolved.base_sha,
@@ -4368,14 +4895,14 @@ async function reviewersTest(name, diff) {
 }
 function reviewersShow(name, opts) {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  if (!config.reviewers[name]) {
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  if (!config2.reviewers[name]) {
     throw new Error(
       `reviewer "${name}" is not configured. Run \`stamp reviewers list\`.`
     );
   }
   const dbPath = stampStateDbPath(repoRoot);
-  if (!existsSync14(dbPath)) {
+  if (!existsSync16(dbPath)) {
     console.log("No reviews recorded yet (no state.db).");
     return;
   }
@@ -4391,7 +4918,7 @@ function reviewersShow(name, opts) {
   const bar = "\u2500".repeat(72);
   console.log(bar);
   console.log(`reviewer: ${name}`);
-  console.log(`prompt:   ${config.reviewers[name].prompt}`);
+  console.log(`prompt:   ${config2.reviewers[name].prompt}`);
   console.log(bar);
   if (stats.total === 0) {
     console.log("  no verdicts recorded yet");
@@ -4465,7 +4992,7 @@ async function reviewersFetch(reviewerName, opts) {
     opts.expectMcpSha
   );
   const reviewersDir = stampReviewersDir(repoRoot);
-  if (!existsSync14(reviewersDir)) {
+  if (!existsSync16(reviewersDir)) {
     throw new Error(
       `${reviewersDir} does not exist \u2014 run \`stamp init\` first.`
     );
@@ -4478,7 +5005,7 @@ async function reviewersFetch(reviewerName, opts) {
   let tools;
   let mcpServers;
   if (configYaml !== null) {
-    const parsed = parseYaml4(configYaml) ?? {};
+    const parsed = parseYaml5(configYaml) ?? {};
     if (Array.isArray(parsed.tools)) {
       tools = parseToolsLoose(parsed.tools);
     }
@@ -4486,7 +5013,7 @@ async function reviewersFetch(reviewerName, opts) {
       mcpServers = validateMcpServersFromSource(parsed.mcp_servers, source, ref);
     }
   }
-  const promptPath = join8(reviewersDir, `${reviewerName}.md`);
+  const promptPath = join9(reviewersDir, `${reviewerName}.md`);
   const promptBytes = Buffer.from(promptText, "utf8");
   const promptSha = hashPromptBytes(promptBytes);
   const toolsSha = hashTools(tools);
@@ -4510,7 +5037,7 @@ async function reviewersFetch(reviewerName, opts) {
       mcpSha
     );
   }
-  writeFileSync10(promptPath, promptBytes);
+  writeFileSync11(promptPath, promptBytes);
   const lock = {
     version: LOCK_FILE_VERSION,
     source,
@@ -4546,8 +5073,8 @@ async function reviewersFetch(reviewerName, opts) {
 function reviewersVerify(opts) {
   if (opts.only) requireValidReviewerName(opts.only);
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  const names = opts.only ? [opts.only] : Object.keys(config.reviewers);
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  const names = opts.only ? [opts.only] : Object.keys(config2.reviewers);
   if (names.length === 0) {
     console.log("No reviewers configured.");
     return;
@@ -4560,7 +5087,7 @@ function reviewersVerify(opts) {
   let anyDrift = false;
   let anyLocked = false;
   for (const name of names) {
-    const def = config.reviewers[name];
+    const def = config2.reviewers[name];
     if (!def) {
       console.error(
         `error: reviewer '${name}' is not in .stamp/config.yml. Add it with \`stamp reviewers add ${name}\` or remove its lock file.`
@@ -4735,7 +5262,7 @@ function buildConfigYamlHint(reviewerName, tools, mcpServers) {
   if (mcpServers && Object.keys(mcpServers).length > 0) {
     reviewerBlock.mcp_servers = mcpServers;
   }
-  return stringifyYaml2({ reviewers: { [reviewerName]: reviewerBlock } }).trimEnd();
+  return stringifyYaml3({ reviewers: { [reviewerName]: reviewerBlock } }).trimEnd();
 }
 function launchEditor(path2) {
   const editor = process.env["EDITOR"] ?? process.env["VISUAL"] ?? (process.platform === "win32" ? "notepad" : "vi");
@@ -4751,22 +5278,22 @@ function launchEditor(path2) {
 }
 
 // src/commands/status.ts
-import { existsSync as existsSync15 } from "fs";
+import { existsSync as existsSync17 } from "fs";
 function runStatus(opts) {
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  if (!existsSync15(configPath)) {
+  if (!existsSync17(configPath)) {
     throw new Error(
       `no .stamp/config.yml at ${configPath}. Run \`stamp init\` first.`
     );
   }
-  const config = loadConfig(configPath);
+  const config2 = loadConfig(configPath);
   const resolved = resolveDiff(opts.diff, repoRoot);
   const target = opts.into ?? inferTarget(opts.diff);
-  const rule = findBranchRule(config.branches, target);
+  const rule = findBranchRule(config2.branches, target);
   if (!rule) {
     throw new Error(
-      `no branch rule for "${target}" in .stamp/config.yml. Configured branches: ${Object.keys(config.branches).join(", ") || "(none)"}. Use --into <target> to override.`
+      `no branch rule for "${target}" in .stamp/config.yml. Configured branches: ${Object.keys(config2.branches).join(", ") || "(none)"}. Use --into <target> to override.`
     );
   }
   const db = openDb(stampStateDbPath(repoRoot));
@@ -4826,19 +5353,19 @@ function printGate(result, base_sha, head_sha) {
 import { spawnSync as spawnSync7 } from "child_process";
 
 // src/lib/version.ts
-import { readFileSync as readFileSync9 } from "fs";
-import { dirname as dirname4, join as join9 } from "path";
+import { readFileSync as readFileSync10 } from "fs";
+import { dirname as dirname5, join as join10 } from "path";
 import { fileURLToPath } from "url";
 function readPackageVersion() {
-  const here = dirname4(fileURLToPath(import.meta.url));
+  const here = dirname5(fileURLToPath(import.meta.url));
   for (let dir = here, i = 0; i < 6; i++) {
     try {
-      const raw = readFileSync9(join9(dir, "package.json"), "utf8");
+      const raw = readFileSync10(join10(dir, "package.json"), "utf8");
       const pkg = JSON.parse(raw);
       if (pkg.name === "@openthink/stamp" && pkg.version) return pkg.version;
     } catch {
     }
-    const parent = dirname4(dir);
+    const parent = dirname5(dir);
     if (parent === dir) break;
     dir = parent;
   }
@@ -4938,7 +5465,7 @@ function loadConfigAtSha(sha, repoRoot) {
 }
 function runVerify(sha) {
   const repoRoot = findRepoRoot();
-  const config = loadConfigAtSha(sha, repoRoot);
+  const config2 = loadConfigAtSha(sha, repoRoot);
   const commitMessage2 = git2(["show", "-s", "--format=%B", sha], repoRoot);
   const parsed = parseCommitAttestation(commitMessage2);
   if (!parsed) {
@@ -4983,7 +5510,7 @@ function runVerify(sha) {
       `computed merge-base(${parent0.slice(0, 8)}, ${parent1.slice(0, 8)}) = ${actualMergeBase.slice(0, 8)}, does not match payload.base_sha (${payload.base_sha.slice(0, 8)})`
     );
   }
-  const rule = findBranchRule(config.branches, payload.target_branch);
+  const rule = findBranchRule(config2.branches, payload.target_branch);
   if (!rule) {
     fail(
       sha,
@@ -5029,12 +5556,12 @@ function runVerify(sha) {
     );
   }
   if ((payload.schema_version ?? 1) >= 2) {
-    verifyReviewerHashes(sha, payload, repoRoot, config);
+    verifyReviewerHashes(sha, payload, repoRoot, config2);
   }
   printSuccess2(sha, payload);
 }
-function verifyReviewerHashes(sha, payload, repoRoot, config) {
-  const reviewers2 = config.reviewers;
+function verifyReviewerHashes(sha, payload, repoRoot, config2) {
+  const reviewers2 = config2.reviewers;
   if (Object.keys(reviewers2).length === 0) {
     fail(
       sha,
@@ -5294,6 +5821,42 @@ server.command("config [host:port]").description(
     }
   }
 );
+var config = program.command("config").description(
+  "manage per-user stamp config at ~/.stamp/config.yml \u2014 operator-level knobs that shouldn't be committed. Per-repo policy lives in `.stamp/config.yml`."
+);
+var configReviewers = config.command("reviewers").description(
+  "pin which Anthropic model each reviewer (security/standards/product/\u2026) runs on. Defaults to claude-sonnet-4-6 for the three starter personas; opt into Opus on security with `set security claude-opus-4-7`."
+);
+configReviewers.command("set <reviewer> <model-id>").description(
+  "pin <reviewer> to <model-id> (e.g. `set security claude-opus-4-7`). Model id is opaque to stamp \u2014 passed straight to the agent SDK, so any string the SDK accepts works."
+).action((reviewer, modelId) => {
+  try {
+    runConfigReviewersSet({ reviewer, modelId });
+  } catch (err) {
+    handleCliError(err);
+  }
+});
+configReviewers.command("clear [reviewer]").description(
+  "remove a reviewer's model pin (resolver falls back to the SDK default), or pass --all to delete the whole ~/.stamp/config.yml."
+).option(
+  "--all",
+  "remove the entire ~/.stamp/config.yml file (every reviewer falls back to the SDK default)"
+).action((reviewer, opts) => {
+  try {
+    runConfigReviewersClear({ reviewer, all: opts.all });
+  } catch (err) {
+    handleCliError(err);
+  }
+});
+configReviewers.command("show").description(
+  "print the resolved per-reviewer model config (or note that no config is set and which defaults will apply)."
+).action(() => {
+  try {
+    runConfigReviewersShow();
+  } catch (err) {
+    handleCliError(err);
+  }
+});
 var serverRepo = program.command("server-repos").description(
   "manage bare repos on the stamp server (list / delete / restore). Uses ~/.stamp/server.yml or --server."
 );
@@ -5367,9 +5930,12 @@ program.command("status").description("show gate state for a diff; exit 0 if gat
     handleCliError(err);
   }
 });
-program.command("merge <branch>").description("merge <branch> into --into <target> if the gate is open").requiredOption("--into <target>", "target branch to merge into").action((branch, opts) => {
+program.command("merge <branch>").description("merge <branch> into --into <target> if the gate is open").requiredOption("--into <target>", "target branch to merge into").option(
+  "-y, --yes",
+  "skip the operator-confirmation prompt for this invocation (equivalent to STAMP_REQUIRE_HUMAN_MERGE=0; see audit H1)"
+).action((branch, opts) => {
   try {
-    runMerge({ branch, into: opts.into });
+    runMerge({ branch, into: opts.into, yes: opts.yes });
   } catch (err) {
     handleCliError(err);
   }
@@ -5392,13 +5958,13 @@ program.command("update").description(
   "upgrade stamp to the latest npm release (runs 'npm install -g @openthink/stamp@latest')"
 ).action(() => wrap(() => runUpdate()));
 program.command("prune").description(
-  "delete review-history rows older than <duration> from the per-machine state.db, then VACUUM. Use --dry-run first to preview."
+  "delete review-history rows older than <duration> from the per-machine state.db (then VACUUM), AND unlink failed-parse spool files under .git/stamp/failed-parses/ whose mtime is older than <duration>. Use --dry-run first to preview both passes."
 ).requiredOption(
   "--older-than <duration>",
   "retention cutoff, e.g. 30d (days), 12h (hours), 90m (minutes)"
 ).option(
   "--dry-run",
-  "print the per-reviewer breakdown that would be pruned without modifying the DB"
+  "print the per-reviewer breakdown of state.db rows AND the list of spool file paths that would be pruned, without modifying anything"
 ).action((opts) => {
   try {
     runPrune({ olderThan: opts.olderThan, dryRun: opts.dryRun });
@@ -5408,7 +5974,7 @@ program.command("prune").description(
 });
 program.command("ui").description("launch the interactive terminal UI").action(async () => {
   try {
-    const { runUi } = await import("./ui-4V2HDHOS.js");
+    const { runUi } = await import("./ui-TKLZWCPL.js");
     runUi();
   } catch (err) {
     handleCliError(err);