@openthink/stamp 1.1.0 → 1.3.0

package/dist/index.js

@@ -11,6 +11,7 @@ import {
   firstParentCommits,
   formatTrailers,
   generateKeypair,
+  gitCommonDir,
   isPathTracked,
   latestReviews,
   latestVerdicts,
@@ -38,26 +39,30 @@ import {
   stampReviewersDir,
   stampStateDbPath,
   stampTrustedKeysDir,
+  userConfigPath,
   userKeysDir,
   userServerConfigPath,
   verifyBytes
-} from "./chunk-TTOMORIY.js";
+} from "./chunk-UBRQLZON.js";
 
 // src/index.ts
 import { Command } from "commander";
 
 // src/commands/bootstrap.ts
 import { execFileSync } from "child_process";
-import { existsSync as existsSync5, readFileSync as readFileSync4, readdirSync, statSync, writeFileSync as writeFileSync4 } from "fs";
-import { dirname as dirname2, join as join3 } from "path";
+import { existsSync as existsSync6, readFileSync as readFileSync5, readdirSync, statSync, writeFileSync as writeFileSync5 } from "fs";
+import { dirname as dirname3, join as join3 } from "path";
 
 // src/lib/agentsMd.ts
 import { existsSync, readFileSync, writeFileSync } from "fs";
 import { join } from "path";
-var STAMP_BEGIN = "<!-- stamp:begin (managed by stamp-cli \u2014 do not edit between markers) -->";
+var STAMP_BEGIN = "<!-- stamp:begin (managed by `stamp init` \u2014 do not edit between markers) -->";
 var STAMP_END = "<!-- stamp:end -->";
-var STAMP_CLAUDE_BEGIN = "<!-- stamp:claude:begin (managed by stamp-cli \u2014 do not edit between markers) -->";
-var STAMP_CLAUDE_END = "<!-- stamp:claude:end -->";
+var STAMP_BEGIN_LEGACY = "<!-- stamp:begin (managed by stamp-cli \u2014 do not edit between markers) -->";
+var STAMP_CLAUDE_BEGIN_LEGACY = "<!-- stamp:claude:begin (managed by stamp-cli \u2014 do not edit between markers) -->";
+var STAMP_CLAUDE_END_LEGACY = "<!-- stamp:claude:end -->";
+var STAMP_BEGIN_PREFIX = "<!-- stamp:begin ";
+var STAMP_CLAUDE_BEGIN_PREFIX = "<!-- stamp:claude:begin ";
 var REVIEW_LOOP_HEURISTIC = `### Knowing when to stop the review loop (diminishing returns)
 
 Each \`stamp review\` run is non-trivial \u2014 reviewer LLM calls, your context, and amend
@@ -246,6 +251,20 @@ attestation, so the audit trail is preserved even without server-side rejection.
 
 ${REVIEW_LOOP_HEURISTIC}
 `;
+function findManagedBlock(text, openPrefix, closeMarker) {
+  let searchStart = 0;
+  while (searchStart < text.length) {
+    const candidateIdx = text.indexOf(openPrefix, searchStart);
+    if (candidateIdx === -1) return null;
+    if (candidateIdx === 0 || text[candidateIdx - 1] === "\n") {
+      const closeStart = text.indexOf(closeMarker, candidateIdx);
+      if (closeStart === -1) return null;
+      return { beginIdx: candidateIdx, afterEnd: closeStart + closeMarker.length };
+    }
+    searchStart = candidateIdx + 1;
+  }
+  return null;
+}
 function injectStampSection(existing, mode = "server-gated") {
   const body = mode === "server-gated" ? STAMP_AGENTS_SECTION_SERVER_GATED : STAMP_AGENTS_SECTION_LOCAL_ONLY;
   const stampBlock = `${STAMP_BEGIN}
@@ -261,12 +280,10 @@ Guidance for AI agents working in this repository.
 ${stampBlock}
 `;
   }
-  const beginIdx = existing.indexOf(STAMP_BEGIN);
-  const endIdx = existing.indexOf(STAMP_END);
-  if (beginIdx !== -1 && endIdx !== -1 && endIdx > beginIdx) {
-    const before = existing.slice(0, beginIdx);
-    const afterStart = endIdx + STAMP_END.length;
-    const after = existing.slice(afterStart);
+  const found = findManagedBlock(existing, STAMP_BEGIN_PREFIX, STAMP_END);
+  if (found) {
+    const before = existing.slice(0, found.beginIdx);
+    const after = existing.slice(found.afterEnd);
     return `${before}${stampBlock}${after}`;
   }
   return `${existing.trimEnd()}
@@ -283,7 +300,7 @@ function ensureAgentsMd(repoRoot, mode = "server-gated") {
   const existing = readFileSync(path2, "utf8");
   const updated = injectStampSection(existing, mode);
   if (updated === existing) return "unchanged";
-  const action = existing.includes(STAMP_BEGIN) ? "replaced" : "appended";
+  const action = existing.includes(STAMP_BEGIN) || existing.includes(STAMP_BEGIN_LEGACY) ? "replaced" : "appended";
   writeFileSync(path2, updated);
   return action;
 }
@@ -304,6 +321,8 @@ stamp merge feature --into main         # signs the merge
 git push origin main                    # OR \`stamp push main\` if origin is a stamp server
 \`\`\`
 
+Key commands: \`stamp provision\` \u2014 provision a new repo; \`stamp review\` \u2014 run reviewers; \`stamp merge\` \u2014 sign a merge; \`stamp push\` \u2014 push to a stamp server.
+
 **The full reference is at [\`AGENTS.md\`](./AGENTS.md) at the repo root** \u2014
 read it before any git command. It covers the mode (server-gated vs.
 local-only), what NOT to do, where things live, and how to recover when stamp
@@ -314,11 +333,11 @@ blocks you.
 (there's nothing to review against). Recent \`stamp init\` runs do this commit
 automatically. Every subsequent change goes through the stamp flow.`;
 function injectClaudeSection(existing) {
-  const stampBlock = `${STAMP_CLAUDE_BEGIN}
+  const stampBlock = `${STAMP_BEGIN}
 
 ${STAMP_CLAUDE_SECTION.trimEnd()}
 
-${STAMP_CLAUDE_END}`;
+${STAMP_END}`;
   if (existing === void 0 || existing.trim() === "") {
     return `# CLAUDE.md
 
@@ -327,12 +346,10 @@ Project-specific instructions for Claude Code (auto-loaded into the model's cont
 ${stampBlock}
 `;
   }
-  const beginIdx = existing.indexOf(STAMP_CLAUDE_BEGIN);
-  const endIdx = existing.indexOf(STAMP_CLAUDE_END);
-  if (beginIdx !== -1 && endIdx !== -1 && endIdx > beginIdx) {
-    const before = existing.slice(0, beginIdx);
-    const afterStart = endIdx + STAMP_CLAUDE_END.length;
-    const after = existing.slice(afterStart);
+  const found = findManagedBlock(existing, STAMP_BEGIN_PREFIX, STAMP_END) ?? findManagedBlock(existing, STAMP_CLAUDE_BEGIN_PREFIX, STAMP_CLAUDE_END_LEGACY);
+  if (found) {
+    const before = existing.slice(0, found.beginIdx);
+    const after = existing.slice(found.afterEnd);
     return `${before}${stampBlock}${after}`;
   }
   return `${existing.trimEnd()}
@@ -349,7 +366,7 @@ function ensureClaudeMd(repoRoot) {
   const existing = readFileSync(path2, "utf8");
   const updated = injectClaudeSection(existing);
   if (updated === existing) return "unchanged";
-  const action = existing.includes(STAMP_CLAUDE_BEGIN) ? "replaced" : "appended";
+  const action = existing.includes(STAMP_BEGIN) || existing.includes(STAMP_BEGIN_LEGACY) || existing.includes(STAMP_CLAUDE_BEGIN_LEGACY) ? "replaced" : "appended";
   writeFileSync(path2, updated);
   return action;
 }
@@ -464,9 +481,19 @@ function validateConfig(input) {
       throw new Error(`config.branches.${name}.required must be an array`);
     }
     const required_checks = parseChecks(r.required_checks, name);
+    let require_human_merge;
+    if (r.require_human_merge !== void 0) {
+      if (typeof r.require_human_merge !== "boolean") {
+        throw new Error(
+          `config.branches.${name}.require_human_merge must be a boolean`
+        );
+      }
+      require_human_merge = r.require_human_merge;
+    }
     branches[name] = {
       required: r.required.map(String),
-      ...required_checks ? { required_checks } : {}
+      ...required_checks ? { required_checks } : {},
+      ...require_human_merge !== void 0 ? { require_human_merge } : {}
     };
   }
   const reviewers2 = {};
@@ -484,10 +511,20 @@ function validateConfig(input) {
     }
     const tools = parseTools(d.tools, name);
     const mcp_servers = parseMcpServers(d.mcp_servers, name);
+    let enforce_reads_on_dotstamp;
+    if (d.enforce_reads_on_dotstamp !== void 0) {
+      if (typeof d.enforce_reads_on_dotstamp !== "boolean") {
+        throw new Error(
+          `config.reviewers.${name}.enforce_reads_on_dotstamp must be a boolean (got ${JSON.stringify(d.enforce_reads_on_dotstamp)})`
+        );
+      }
+      enforce_reads_on_dotstamp = d.enforce_reads_on_dotstamp;
+    }
     reviewers2[name] = {
       prompt: d.prompt,
       ...tools ? { tools } : {},
-      ...mcp_servers ? { mcp_servers } : {}
+      ...mcp_servers ? { mcp_servers } : {},
+      ...enforce_reads_on_dotstamp !== void 0 ? { enforce_reads_on_dotstamp } : {}
     };
   }
   return { branches, reviewers: reviewers2 };
@@ -707,8 +744,8 @@ function parseStringMap(input, path2) {
   }
   return out;
 }
-function stringifyConfig(config) {
-  return stringify(config);
+function stringifyConfig(config2) {
+  return stringify(config2);
 }
 function findBranchRule(branches, branchName) {
   const exact = branches[branchName];
@@ -1262,14 +1299,61 @@ function redactMcpToolName(tool2) {
   return `mcp__sha256:${h(server2)}__sha256:${h(name)}`;
 }
 function redactToolCallsForAttestation(calls) {
-  if (process.env.STAMP_HASH_MCP_NAMES !== "1") return calls;
+  if (process.env.STAMP_HASH_MCP_NAMES === "0") return calls;
   return calls.map((c) => ({ ...c, tool: redactMcpToolName(c.tool) }));
 }
 
+// src/lib/humanMerge.ts
+import { readSync } from "fs";
+function requireHumanMerge(args) {
+  if (args.branchRule.require_human_merge === false) return;
+  if (args.yes) return;
+  if (process.env.STAMP_REQUIRE_HUMAN_MERGE === "0") return;
+  if (!process.stdin.isTTY || !process.stdout.isTTY) {
+    throw new Error(
+      `confirmation required: stamp merge needs interactive confirmation for protected branch "${args.target}", but no TTY is attached.
+
+Opt out explicitly \u2014 pick one:
+  - per-invocation:  stamp merge ${args.source} --into ${args.target} --yes
+  - per-shell:       STAMP_REQUIRE_HUMAN_MERGE=0 stamp merge ...
+  - per-branch:      add 'require_human_merge: false' under branches.${args.target} in .stamp/config.yml (and merge that change through the normal review flow)
+
+Background: stamp's threat model treats LLM-verdict-as-merge-authorization as residual HIGH (audit H1). The default forces operator awareness; the env var / flag / config field are how you declare automated intent.`
+    );
+  }
+  const prompt2 = `Sign + merge '${args.source}' (${args.head_sha.slice(0, 8)}) \u2192 '${args.target}' (base ${args.base_sha.slice(0, 8)})? [y/N] `;
+  process.stdout.write(prompt2);
+  const answer = readLineSync().trim().toLowerCase();
+  if (answer !== "y" && answer !== "yes") {
+    throw new Error(
+      `merge cancelled: operator answered '${answer || "<empty>"}' to the confirmation prompt for ${args.source} \u2192 ${args.target}.`
+    );
+  }
+}
+function readLineSync() {
+  const buf = Buffer.alloc(1);
+  let out = "";
+  const fd = 0;
+  for (; ; ) {
+    let n;
+    try {
+      n = readSync(fd, buf, 0, 1, null);
+    } catch {
+      break;
+    }
+    if (n === 0) break;
+    const ch = buf.toString("utf8", 0, 1);
+    if (ch === "\n") break;
+    out += ch;
+  }
+  if (out.endsWith("\r")) out = out.slice(0, -1);
+  return out;
+}
+
 // src/commands/merge.ts
 function runMerge(opts) {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
+  const config2 = loadConfig(stampConfigFile(repoRoot));
   const currentBranch2 = git(
     ["rev-parse", "--abbrev-ref", "HEAD"],
     repoRoot
@@ -1290,7 +1374,7 @@ function runMerge(opts) {
   }
   const revspec = `${opts.into}..${opts.branch}`;
   const resolved = resolveDiff(revspec, repoRoot);
-  const rule = findBranchRule(config.branches, opts.into);
+  const rule = findBranchRule(config2.branches, opts.into);
   if (!rule) {
     throw new Error(
       `no branch rule for "${opts.into}" in .stamp/config.yml`
@@ -1317,6 +1401,14 @@ function runMerge(opts) {
         `gate CLOSED: missing approved verdicts for: ${missing.join(", ")}. Run \`stamp status --diff ${revspec}\` to inspect, then \`stamp review --diff ${revspec}\` to review.`
       );
     }
+    requireHumanMerge({
+      target: opts.into,
+      source: opts.branch,
+      base_sha: resolved.base_sha,
+      head_sha: resolved.head_sha,
+      branchRule: rule,
+      yes: opts.yes ?? false
+    });
     approvals = rule.required.map((name) => {
       const rev = byReviewer.get(name);
       const toolCalls = redactToolCallsForAttestation(parseToolCalls(rev.tool_calls));
@@ -1485,11 +1577,11 @@ function runPush(opts) {
 }
 
 // src/commands/review.ts
-import { existsSync as existsSync4 } from "fs";
+import { existsSync as existsSync5 } from "fs";
 
 // src/lib/reviewer.ts
 import { randomBytes } from "crypto";
-import { chmodSync, mkdirSync, writeFileSync as writeFileSync2 } from "fs";
+import { chmodSync, mkdirSync as mkdirSync2, realpathSync, writeFileSync as writeFileSync3 } from "fs";
 import path from "path";
 import { createSdkMcpServer, query, tool } from "@anthropic-ai/claude-agent-sdk";
 import { z as z2 } from "zod";
@@ -1525,10 +1617,137 @@ ${body}
 ${close}`;
 }
 
+// src/lib/userConfig.ts
+import {
+  existsSync as existsSync3,
+  mkdirSync,
+  readFileSync as readFileSync4,
+  renameSync,
+  unlinkSync,
+  writeFileSync as writeFileSync2
+} from "fs";
+import { dirname } from "path";
+import { parse as parseYaml3, stringify as stringifyYaml } from "yaml";
+var DEFAULT_REVIEWER_MODELS = {
+  security: "claude-sonnet-4-6",
+  standards: "claude-sonnet-4-6",
+  product: "claude-sonnet-4-6"
+};
+var REVIEWER_NAME_RE = /^[a-zA-Z0-9][a-zA-Z0-9_-]{0,63}$/;
+var MODEL_ID_RE = /^[A-Za-z0-9][A-Za-z0-9._:@/-]*$/;
+function isValidReviewerName(name) {
+  return REVIEWER_NAME_RE.test(name);
+}
+function isValidModelId(id) {
+  return MODEL_ID_RE.test(id) && id.length <= 128;
+}
+function loadUserConfig() {
+  const path2 = userConfigPath();
+  if (!existsSync3(path2)) return null;
+  let raw;
+  try {
+    raw = readFileSync4(path2, "utf8");
+  } catch (err) {
+    throw new Error(
+      `failed to read ${path2}: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  return parseUserConfig(raw, path2);
+}
+function parseUserConfig(raw, contextPath = "<inline>") {
+  const trimmed = raw.trim();
+  if (trimmed === "") {
+    return { reviewers: {} };
+  }
+  const parsed = parseYaml3(raw);
+  if (parsed === null || parsed === void 0) {
+    return { reviewers: {} };
+  }
+  if (typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error(
+      `${contextPath}: must be a YAML mapping (got ${Array.isArray(parsed) ? "array" : typeof parsed})`
+    );
+  }
+  const obj = parsed;
+  const reviewersRaw = obj.reviewers;
+  const reviewers2 = {};
+  if (reviewersRaw !== void 0 && reviewersRaw !== null) {
+    if (typeof reviewersRaw !== "object" || Array.isArray(reviewersRaw)) {
+      throw new Error(
+        `${contextPath}: 'reviewers' must be a mapping of <reviewer-name> to <model-id>`
+      );
+    }
+    for (const [name, value] of Object.entries(
+      reviewersRaw
+    )) {
+      if (!isValidReviewerName(name)) {
+        throw new Error(
+          `${contextPath}: reviewer name '${name}' under 'reviewers' is invalid (letters, digits, underscores, hyphens; max 64 chars; no leading hyphen)`
+        );
+      }
+      if (typeof value !== "string" || value.trim() === "") {
+        throw new Error(
+          `${contextPath}: reviewers.${name} must be a non-empty string (model id)`
+        );
+      }
+      const id = value.trim();
+      if (!isValidModelId(id)) {
+        throw new Error(
+          `${contextPath}: reviewers.${name} = ${JSON.stringify(value)} is not a valid model id (expected a token like 'claude-sonnet-4-6'; the SDK accepts opaque strings, but stamp rejects shapes with whitespace or control chars)`
+        );
+      }
+      reviewers2[name] = id;
+    }
+  }
+  return { reviewers: reviewers2 };
+}
+function stringifyUserConfig(cfg) {
+  return stringifyYaml({ reviewers: cfg.reviewers });
+}
+function writeUserConfig(cfg) {
+  const path2 = userConfigPath();
+  const dir = dirname(path2);
+  if (!existsSync3(dir)) mkdirSync(dir, { recursive: true, mode: 448 });
+  const tmp = `${path2}.tmp.${process.pid}`;
+  writeFileSync2(tmp, stringifyUserConfig(cfg), { mode: 384 });
+  renameSync(tmp, path2);
+  return path2;
+}
+function loadOrCreateUserConfig() {
+  const path2 = userConfigPath();
+  const existed = existsSync3(path2);
+  if (!existed) {
+    const defaults = {
+      reviewers: { ...DEFAULT_REVIEWER_MODELS }
+    };
+    writeUserConfig(defaults);
+    return { config: defaults, created: true, path: path2 };
+  }
+  const config2 = loadUserConfig() ?? { reviewers: {} };
+  return { config: config2, created: false, path: path2 };
+}
+function resolveReviewerModel(reviewer) {
+  let cfg;
+  try {
+    cfg = loadUserConfig();
+  } catch {
+    return null;
+  }
+  if (!cfg) return null;
+  const id = cfg.reviewers[reviewer];
+  return typeof id === "string" && id.length > 0 ? id : null;
+}
+function deleteUserConfig() {
+  const path2 = userConfigPath();
+  if (!existsSync3(path2)) return false;
+  unlinkSync(path2);
+  return true;
+}
+
 // src/lib/reviewer.ts
 var VERDICT_LINE_REGEX = /^VERDICT:\s*(approved|changes_requested|denied)\s*$/;
-var REVIEWER_INTERNAL_DENY_PATHS = [".git/stamp/state.db"];
-var REVIEWER_INTERNAL_DENY_PREFIXES = [".stamp/trusted-keys/"];
+var REVIEWER_INTERNAL_DENY_PATHS = [];
+var REVIEWER_INTERNAL_DENY_PREFIXES = [".git/stamp/", ".stamp/trusted-keys/"];
 function denyIfOutsideRepo(inputPath, repoRoot, toolName) {
   if (typeof inputPath !== "string" || inputPath.length === 0) {
     return `${toolName} input path must be a non-empty string`;
@@ -1540,6 +1759,40 @@ function denyIfOutsideRepo(inputPath, repoRoot, toolName) {
   }
   return null;
 }
+function denyIfRealpathOutsideRepo(resolved, resolvedRoot, inputPath, toolName) {
+  let canonRoot;
+  try {
+    canonRoot = realpathSync.native(resolvedRoot);
+  } catch {
+    return { canon: null, canonRoot: null, deny: null };
+  }
+  let probe = resolved;
+  let realPrefix = null;
+  const tail = [];
+  for (; ; ) {
+    try {
+      realPrefix = realpathSync.native(probe);
+      break;
+    } catch {
+      const parent = path.dirname(probe);
+      if (parent === probe) break;
+      tail.unshift(path.basename(probe));
+      probe = parent;
+    }
+  }
+  if (realPrefix === null) {
+    return { canon: null, canonRoot: null, deny: null };
+  }
+  const canon = tail.length === 0 ? realPrefix : path.join(realPrefix, ...tail);
+  if (canon !== canonRoot && !canon.startsWith(canonRoot + path.sep)) {
+    return {
+      canon,
+      canonRoot,
+      deny: `${toolName} path "${inputPath}" resolves through a symlink to "${canon}", which is outside repoRoot ("${canonRoot}"). Reviewer tools are scoped to the repository; symlinks pointing out are treated the same as a literal escape.`
+    };
+  }
+  return { canon, canonRoot, deny: null };
+}
 function denyIfReviewerInternal(resolvedAbs, resolvedRoot, inputPath) {
   const rel = path.relative(resolvedRoot, resolvedAbs);
   for (const denied of REVIEWER_INTERNAL_DENY_PATHS) {
@@ -1549,7 +1802,7 @@ function denyIfReviewerInternal(resolvedAbs, resolvedRoot, inputPath) {
   }
   for (const prefix of REVIEWER_INTERNAL_DENY_PREFIXES) {
     if (rel === prefix.replace(/\/$/, "") || rel.startsWith(prefix)) {
-      return `Read of "${inputPath}" denied: ${prefix}* holds reviewer trust anchors and is exfil-attractive.`;
+      return `Read of "${inputPath}" denied: ${prefix}* is reviewer-internal (trust anchors / verdict DB / spools) and is exfil-attractive.`;
     }
   }
   return null;
@@ -1593,9 +1846,18 @@ function checkReviewerTool(args) {
     if (denied) return { allow: false, reason: denied };
     const resolvedRoot = path.resolve(repoRoot);
     const resolved = path.resolve(resolvedRoot, filePath);
-    const internal = denyIfReviewerInternal(
+    const realpathCheck = denyIfRealpathOutsideRepo(
       resolved,
       resolvedRoot,
+      filePath,
+      "Read"
+    );
+    if (realpathCheck.deny) return { allow: false, reason: realpathCheck.deny };
+    const internalProbe = realpathCheck.canon ?? resolved;
+    const internalRoot = realpathCheck.canonRoot ?? resolvedRoot;
+    const internal = denyIfReviewerInternal(
+      internalProbe,
+      internalRoot,
       filePath
     );
     if (internal) return { allow: false, reason: internal };
@@ -1606,6 +1868,15 @@ function checkReviewerTool(args) {
     if (grepPath !== void 0) {
       const denied = denyIfOutsideRepo(grepPath, repoRoot, "Grep");
       if (denied) return { allow: false, reason: denied };
+      const resolvedRoot = path.resolve(repoRoot);
+      const resolved = path.resolve(resolvedRoot, grepPath);
+      const realpathCheck = denyIfRealpathOutsideRepo(
+        resolved,
+        resolvedRoot,
+        grepPath,
+        "Grep"
+      );
+      if (realpathCheck.deny) return { allow: false, reason: realpathCheck.deny };
     }
     return { allow: true };
   }
@@ -1614,6 +1885,15 @@ function checkReviewerTool(args) {
     if (globPath !== void 0) {
       const denied = denyIfOutsideRepo(globPath, repoRoot, "Glob");
       if (denied) return { allow: false, reason: denied };
+      const resolvedRoot = path.resolve(repoRoot);
+      const resolved = path.resolve(resolvedRoot, globPath);
+      const realpathCheck = denyIfRealpathOutsideRepo(
+        resolved,
+        resolvedRoot,
+        globPath,
+        "Glob"
+      );
+      if (realpathCheck.deny) return { allow: false, reason: realpathCheck.deny };
     }
     const pattern = input.pattern;
     if (typeof pattern === "string") {
@@ -1635,6 +1915,11 @@ function checkReviewerTool(args) {
   return { allow: true };
 }
 async function invokeReviewer(params) {
+  if (process.env.STAMP_NO_LLM === "1") {
+    throw new Error(
+      `STAMP_NO_LLM=1 is set; refusing to invoke the Claude Agent SDK for reviewer "${params.reviewer}". With this env var on, stamp's LLM-using surface (review / reviewers test / bootstrap) is disabled \u2014 no diff content will leave the host. The signing, verification, and merge primitives (stamp keys / stamp merge / stamp verify / stamp log / the pre-receive hook) all continue to work; you can attest manual review by capturing verdicts in state.db out-of-band before merge. Unset STAMP_NO_LLM (or set it to anything other than "1") to re-enable.`
+    );
+  }
   const def = params.config.reviewers[params.reviewer];
   if (!def) {
     throw new Error(
@@ -1744,6 +2029,7 @@ async function invokeReviewer(params) {
   };
   const maxTurns = parseIntEnv("STAMP_REVIEWER_MAX_TURNS", 8);
   const timeoutMs = parseIntEnv("STAMP_REVIEWER_TIMEOUT_MS", 5 * 60 * 1e3);
+  const modelOverride = resolveReviewerModel(params.reviewer);
   const abortController = new AbortController();
   const timeoutHandle = setTimeout(() => {
     abortController.abort(
@@ -1761,6 +2047,10 @@ async function invokeReviewer(params) {
       mcpServers,
       maxTurns,
       abortController,
+      // Spread the model option so a null resolution leaves the SDK to
+      // pick its own default rather than landing as `model: null` (which
+      // some SDK versions treat as a typed override of the default).
+      ...modelOverride !== null ? { model: modelOverride } : {},
       // PreToolUse fires for every tool call regardless of `allowedTools`
       // membership, which is what we want for security gating: pre-approving
       // a tool name in `allowedTools` should not bypass per-call validation.
@@ -1797,6 +2087,7 @@ async function invokeReviewer(params) {
   let finalText = null;
   let errorMessage = null;
   const toolCalls = [];
+  const readPaths = /* @__PURE__ */ new Set();
   try {
     for await (const msg of q) {
       if (msg.type === "assistant") {
@@ -1810,6 +2101,14 @@ async function invokeReviewer(params) {
                   tool: b.name,
                   input_sha256: hashToolInput(b.input)
                 });
+                if (b.name === "Read" && b.input && typeof b.input === "object") {
+                  const fp = b.input.file_path;
+                  if (typeof fp === "string" && fp.length > 0) {
+                    const resolved = path.resolve(params.repoRoot, fp);
+                    const rel = path.relative(params.repoRoot, resolved);
+                    if (rel && !rel.startsWith("..")) readPaths.add(rel);
+                  }
+                }
               }
             }
           }
@@ -1845,6 +2144,26 @@ async function invokeReviewer(params) {
     verdict = parseLastLineVerdict(fallbackText, params.reviewer, params.repoRoot);
     prose = stripLastLineVerdict(fallbackText);
   }
+  if (def.enforce_reads_on_dotstamp && verdict === "approved") {
+    const missing = findMissingDotstampReads(
+      params.base_sha,
+      params.head_sha,
+      params.repoRoot,
+      readPaths
+    );
+    if (missing.length > 0) {
+      const list = missing.map((p) => `  - ${p}`).join("\n");
+      verdict = "changes_requested";
+      prose = `verdict/trace inconsistency: this reviewer is configured with enforce_reads_on_dotstamp=true, the diff modifies the following \`.stamp/*\` paths, and none of them appeared in the reviewer's Read trace before approval:
+
+${list}
+
+Approving a change to stamp's own trust anchors without inspecting the diff defeats audit H1's defense-in-depth posture. Re-run the review and call \`Read('<path>')\` for each modified \`.stamp/*\` file before submitting an approved verdict.${prose ? `
+
+Original prose:
+${prose}` : ""}`;
+    }
+  }
   return {
     reviewer: params.reviewer,
     prose,
@@ -1853,6 +2172,23 @@ async function invokeReviewer(params) {
     retros: submittedRetros
   };
 }
+function findMissingDotstampReads(baseSha, headSha, repoRoot, readPaths) {
+  let raw;
+  try {
+    raw = runGit(
+      ["diff", "--name-only", "--diff-filter=AMR", `${baseSha}..${headSha}`],
+      repoRoot
+    );
+  } catch {
+    return [];
+  }
+  const modified = raw.split("\n").map((l) => l.trim()).filter((l) => l.length > 0 && l.startsWith(".stamp/"));
+  const missing = [];
+  for (const p of modified) {
+    if (!readPaths.has(p)) missing.push(p);
+  }
+  return missing.sort();
+}
 function resolveMcpServers(def, reviewerName) {
   if (!def.mcp_servers) return void 0;
   const operatorAllowlist = parseEnvAllowlist(
@@ -1992,13 +2328,13 @@ function sanitizeReviewerSlug(name) {
   return cleaned === "" ? "_" : cleaned;
 }
 function writeFailedParseSpool(repoRoot, reviewer, text) {
-  const dir = path.join(repoRoot, ".git", "stamp", "failed-parses");
-  mkdirSync(dir, { recursive: true, mode: 448 });
+  const dir = path.join(gitCommonDir(repoRoot), "stamp", "failed-parses");
+  mkdirSync2(dir, { recursive: true, mode: 448 });
   chmodSync(dir, 448);
   const slug = sanitizeReviewerSlug(reviewer);
   const filename = `${Date.now()}-${slug}.txt`;
   const filepath = path.join(dir, filename);
-  writeFileSync2(filepath, text, { flag: "wx", mode: 384 });
+  writeFileSync3(filepath, text, { flag: "wx", mode: 384 });
   chmodSync(filepath, 384);
   const lineCount = text === "" ? 0 : text.split("\n").length;
   return { path: filepath, lineCount };
@@ -2022,12 +2358,12 @@ function stripLastLineVerdict(text) {
 }
 
 // src/lib/llmNotice.ts
-import { existsSync as existsSync3, mkdirSync as mkdirSync2, writeFileSync as writeFileSync3 } from "fs";
-import { dirname } from "path";
+import { existsSync as existsSync4, mkdirSync as mkdirSync3, writeFileSync as writeFileSync4 } from "fs";
+import { dirname as dirname2 } from "path";
 function maybePrintLlmNotice(repoRoot) {
   if (process.env.STAMP_SUPPRESS_LLM_NOTICE === "1") return;
   const marker = stampLlmNoticeMarkerPath(repoRoot);
-  if (existsSync3(marker)) return;
+  if (existsSync4(marker)) return;
   process.stderr.write(
     `note: stamp review ships the diff to Anthropic via the Claude Agent SDK.
       See README "Data flow / privacy" for what's sent and how to opt out.
@@ -2036,8 +2372,8 @@ function maybePrintLlmNotice(repoRoot) {
 `
   );
   try {
-    mkdirSync2(dirname(marker), { recursive: true });
-    writeFileSync3(marker, `${(/* @__PURE__ */ new Date()).toISOString()}
+    mkdirSync3(dirname2(marker), { recursive: true });
+    writeFileSync4(marker, `${(/* @__PURE__ */ new Date()).toISOString()}
 `);
   } catch {
   }
@@ -2046,9 +2382,14 @@ function maybePrintLlmNotice(repoRoot) {
 // src/commands/review.ts
 var DEFAULT_DIFF_SIZE_CAP_BYTES = 200 * 1024;
 async function runReview(opts) {
+  if (process.env.STAMP_NO_LLM === "1") {
+    throw new Error(
+      `STAMP_NO_LLM=1 is set; refusing to start \`stamp review\` because it would invoke the Claude Agent SDK. With this env var on, stamp's LLM-using commands (review / reviewers test / bootstrap) are disabled \u2014 no diff content will leave the host. The signing, verification, and merge primitives (stamp keys / stamp merge / stamp verify / stamp log / the pre-receive hook) all continue to work. Unset STAMP_NO_LLM to re-enable.`
+    );
+  }
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  if (!existsSync4(configPath)) {
+  if (!existsSync5(configPath)) {
     throw new Error(
       `no .stamp/config.yml at ${configPath}. Run \`stamp init\` first.`
     );
@@ -2088,16 +2429,16 @@ async function runReview(opts) {
       `failed to read .stamp/config.yml at base ${resolved.base_sha.slice(0, 8)}: ${err instanceof Error ? err.message : String(err)}`
     );
   }
-  const config = parseConfigFromYaml(baseConfigYaml);
-  const reviewerNames = chooseReviewers(config, opts.only);
+  const config2 = parseConfigFromYaml(baseConfigYaml);
+  const reviewerNames = chooseReviewers(config2, opts.only);
   if (reviewerNames.length === 0) {
     throw new Error(
-      `no reviewers to run at base ${resolved.base_sha.slice(0, 8)} (config there has ${Object.keys(config.reviewers).length} configured). If this branch ADDS a new reviewer, the new reviewer cannot review its own introduction \u2014 that's a deliberate security boundary. Land the reviewer in a separate PR first, then it can review subsequent diffs.`
+      `no reviewers to run at base ${resolved.base_sha.slice(0, 8)} (config there has ${Object.keys(config2.reviewers).length} configured). If this branch ADDS a new reviewer, the new reviewer cannot review its own introduction \u2014 that's a deliberate security boundary. Land the reviewer in a separate PR first, then it can review subsequent diffs.`
     );
   }
   const promptBytesByReviewer = /* @__PURE__ */ new Map();
   for (const name of reviewerNames) {
-    const def = config.reviewers[name];
+    const def = config2.reviewers[name];
     let bytes;
     try {
       bytes = showAtRef(resolved.base_sha, def.prompt, repoRoot);
@@ -2109,6 +2450,16 @@ async function runReview(opts) {
     promptBytesByReviewer.set(name, bytes);
   }
   maybePrintLlmNotice(repoRoot);
+  const userCfg = loadOrCreateUserConfig();
+  if (userCfg.created) {
+    process.stderr.write(
+      `note: per-user reviewer-model config written to ${userCfg.path} (Sonnet defaults).
+      Inspect with \`stamp config reviewers show\`; pin a different model with
+      \`stamp config reviewers set <reviewer> <model-id>\`.
+
+`
+    );
+  }
   console.log(
     `running ${reviewerNames.length} reviewer${reviewerNames.length === 1 ? "" : "s"} in parallel: ${reviewerNames.join(", ")}`
   );
@@ -2125,7 +2476,7 @@ async function runReview(opts) {
       reviewerNames.map(
         (name) => invokeReviewer({
           reviewer: name,
-          config,
+          config: config2,
           repoRoot,
           diff: resolved.diff,
           base_sha: resolved.base_sha,
@@ -2160,16 +2511,16 @@ async function runReview(opts) {
     db.close();
   }
 }
-function chooseReviewers(config, only) {
+function chooseReviewers(config2, only) {
   if (only) {
-    if (!(only in config.reviewers)) {
+    if (!(only in config2.reviewers)) {
       throw new Error(
-        `reviewer "${only}" is not configured. Available: ${Object.keys(config.reviewers).join(", ") || "(none)"}`
+        `reviewer "${only}" is not configured. Available: ${Object.keys(config2.reviewers).join(", ") || "(none)"}`
       );
     }
     return [only];
   }
-  return Object.keys(config.reviewers);
+  return Object.keys(config2.reviewers);
 }
 function printReview(result, base_sha, head_sha) {
   const bar = "\u2500".repeat(72);
@@ -2211,9 +2562,14 @@ var STARTER_PROMPTS = {
 };
 var BOOTSTRAP_BRANCH = "stamp/bootstrap";
 async function runBootstrap(opts = {}) {
+  if (process.env.STAMP_NO_LLM === "1") {
+    throw new Error(
+      `STAMP_NO_LLM=1 is set; refusing to start \`stamp bootstrap\` because it invokes the Claude Agent SDK to install reviewers. With this env var on, stamp's LLM-using commands (review / reviewers test / bootstrap) are disabled \u2014 no diff content will leave the host. The signing, verification, and merge primitives (stamp keys / stamp merge / stamp verify / stamp log / the pre-receive hook) all continue to work. Unset STAMP_NO_LLM to re-enable.`
+    );
+  }
   const repoRoot = findRepoRoot();
   const configFile = stampConfigFile(repoRoot);
-  if (!existsSync5(configFile)) {
+  if (!existsSync6(configFile)) {
     throw new Error(
       `no .stamp/config.yml at ${configFile}. This command runs against an already-provisioned stamp repo (cloned from a stamp server with the placeholder seed). For a fresh local repo, run \`stamp init\` instead.`
     );
@@ -2412,45 +2768,45 @@ function buildPlan(current, targetBranch, targetRule, opts) {
   };
 }
 function readSeedDir(seedDir) {
-  if (!existsSync5(seedDir) || !statSync(seedDir).isDirectory()) {
+  if (!existsSync6(seedDir) || !statSync(seedDir).isDirectory()) {
     throw new Error(`--from path is not a directory: ${seedDir}`);
   }
   const configPath = join3(seedDir, "config.yml");
-  if (!existsSync5(configPath)) {
+  if (!existsSync6(configPath)) {
     throw new Error(`--from dir missing config.yml: ${configPath}`);
   }
   const reviewersDir = join3(seedDir, "reviewers");
-  if (!existsSync5(reviewersDir) || !statSync(reviewersDir).isDirectory()) {
+  if (!existsSync6(reviewersDir) || !statSync(reviewersDir).isDirectory()) {
     throw new Error(`--from dir missing reviewers/ subdirectory: ${reviewersDir}`);
   }
-  const yaml = readFileSync4(configPath, "utf8");
-  const config = parseConfigFromYaml(yaml);
+  const yaml = readFileSync5(configPath, "utf8");
+  const config2 = parseConfigFromYaml(yaml);
   const reviewerFiles = /* @__PURE__ */ new Map();
   for (const entry of readdirSync(reviewersDir)) {
     const full = join3(reviewersDir, entry);
     if (statSync(full).isFile()) {
-      reviewerFiles.set(`.stamp/reviewers/${entry}`, readFileSync4(full, "utf8"));
+      reviewerFiles.set(`.stamp/reviewers/${entry}`, readFileSync5(full, "utf8"));
     }
   }
   let mirrorYml;
   const mirrorPath = join3(seedDir, "mirror.yml");
-  if (existsSync5(mirrorPath)) {
-    mirrorYml = readFileSync4(mirrorPath, "utf8");
+  if (existsSync6(mirrorPath)) {
+    mirrorYml = readFileSync5(mirrorPath, "utf8");
   }
-  return { config, reviewerFiles, mirrorYml };
+  return { config: config2, reviewerFiles, mirrorYml };
 }
 function writeBootstrapFiles(repoRoot, plan) {
   ensureDir(stampConfigDir(repoRoot));
   ensureDir(stampReviewersDir(repoRoot));
   for (const { path: path2, content } of plan.reviewerFiles.values()) {
     const full = join3(repoRoot, path2);
-    ensureDir(dirname2(full));
-    writeFileSync4(full, content);
+    ensureDir(dirname3(full));
+    writeFileSync5(full, content);
   }
   if (plan.mirrorYml !== void 0) {
-    writeFileSync4(join3(repoRoot, ".stamp/mirror.yml"), plan.mirrorYml);
+    writeFileSync5(join3(repoRoot, ".stamp/mirror.yml"), plan.mirrorYml);
   }
-  writeFileSync4(stampConfigFile(repoRoot), stringifyConfig(plan.newConfig));
+  writeFileSync5(stampConfigFile(repoRoot), stringifyConfig(plan.newConfig));
 }
 function printPlan(plan, opts) {
   const bar = "\u2500".repeat(72);
@@ -2491,11 +2847,12 @@ function branchExists(name, cwd) {
 }
 
 // src/commands/init.ts
-import { existsSync as existsSync6, writeFileSync as writeFileSync5 } from "fs";
-import { join as join4 } from "path";
+import { existsSync as existsSync9, writeFileSync as writeFileSync7 } from "fs";
+import { join as join5 } from "path";
 
 // src/lib/ghRuleset.ts
 import { spawnSync as spawnSync3 } from "child_process";
+var STAMP_MIRROR_DEPLOY_KEY_TITLE = "stamp-mirror";
 function checkGhAvailable() {
   const v = spawnSync3("gh", ["--version"], {
     stdio: ["ignore", "pipe", "pipe"],
@@ -2639,340 +2996,709 @@ function applyStampRuleset(owner, repo, actor) {
     return { status: "created" };
   }
 }
-
-// src/commands/init.ts
-function runInit(opts = {}) {
-  const repoRoot = findRepoRoot();
-  const configDir = stampConfigDir(repoRoot);
-  const configFile = stampConfigFile(repoRoot);
-  const reviewersDir = stampReviewersDir(repoRoot);
-  const trustedKeysDir = stampTrustedKeysDir(repoRoot);
-  const stateDbPath = stampStateDbPath(repoRoot);
-  const remoteName = opts.remote ?? "origin";
-  const remoteClass = classifyRemote(remoteName, repoRoot);
-  const { effectiveMode, warnings } = resolveMode(opts.mode, remoteClass);
-  if (opts.mode === "server-gated" && remoteClass.shape === "forge-direct") {
-    throw new Error(
-      `--mode server-gated requires origin to be a stamp server, but ${describeShape(remoteClass)}.
-
-For server-gated enforcement, the recommended one-command path is:
-  stamp provision <name> --org <github-org>
-(needs ~/.stamp/server.yml with your stamp server's host + port, or --server <host>:<port>).
-That command handles the bare-repo creation, clone, bootstrap merge, GitHub mirror, and Ruleset.
-
-For local-only / advisory use against this GitHub repo: re-run with \`stamp init --mode local-only\`. That mode is honest about the lack of server-side enforcement (signed merges still work, but \`git push origin main\` will not be rejected by the remote).`
-    );
-  }
-  const alreadyHasConfig = existsSync6(configFile);
-  ensureDir(configDir);
-  ensureDir(reviewersDir);
-  ensureDir(trustedKeysDir);
-  if (!alreadyHasConfig) {
-    if (opts.minimal) {
-      writeFileSync5(configFile, stringifyConfig(MINIMAL_CONFIG));
-      writeFileSync5(join4(reviewersDir, "example.md"), EXAMPLE_REVIEWER_PROMPT);
-    } else {
-      writeFileSync5(configFile, stringifyConfig(DEFAULT_CONFIG));
-      writeFileSync5(
-        join4(reviewersDir, "security.md"),
-        DEFAULT_SECURITY_PROMPT
-      );
-      writeFileSync5(
-        join4(reviewersDir, "standards.md"),
-        DEFAULT_STANDARDS_PROMPT
-      );
-      writeFileSync5(
-        join4(reviewersDir, "product.md"),
-        DEFAULT_PRODUCT_PROMPT
-      );
-    }
-  }
-  const { keypair, created: keyCreated } = ensureUserKeypair();
-  const pubKeyPath = join4(
-    trustedKeysDir,
-    publicKeyFingerprintFilename(keypair.fingerprint)
+function findDeployKey(owner, repo, title) {
+  const r = spawnSync3(
+    "gh",
+    [
+      "api",
+      `/repos/${owner}/${repo}/keys`,
+      "--jq",
+      // JSON.stringify produces a valid jq string literal (double-quoted,
+      // with backslash/quote escapes), so a title containing quotes or
+      // backslashes can't break the jq filter or smuggle a different
+      // selector.
+      `[.[] | select(.title == ${JSON.stringify(title)})][0].id // empty`
+    ],
+    { stdio: ["ignore", "pipe", "pipe"], encoding: "utf8" }
   );
-  const keyDeposited = !existsSync6(pubKeyPath);
-  if (keyDeposited) {
-    writeFileSync5(pubKeyPath, keypair.publicKeyPem);
+  if (r.status !== 0) return null;
+  const trimmed = r.stdout.trim();
+  if (!trimmed) return null;
+  const id = Number(trimmed);
+  return Number.isFinite(id) ? id : null;
+}
+function registerDeployKey(owner, repo, title, publicKey) {
+  const ctx = `${owner}/${repo} (deploy key "${title}")`;
+  const existing = findDeployKey(owner, repo, title);
+  if (existing !== null) {
+    return { status: "exists", keyId: existing };
   }
-  const dbExisted = existsSync6(stateDbPath);
-  const db = openDb(stateDbPath);
-  db.close();
-  const agentsMdAction = opts.agentsMd === false ? "skipped" : ensureAgentsMd(repoRoot, effectiveMode);
-  const claudeMdAction = opts.claudeMd === false ? "skipped" : ensureClaudeMd(repoRoot);
-  const scaffoldOrSync = alreadyHasConfig ? "sync" : "scaffold";
-  console.log(
-    scaffoldOrSync === "scaffold" ? `stamp initialized (scaffolded fresh repo${opts.minimal ? " \u2014 minimal mode, single placeholder reviewer" : " with three starter reviewers"}).
-` : "stamp initialized (synced to existing .stamp/ config).\n"
-  );
-  console.log(`  repo root:   ${repoRoot}`);
-  console.log(`  mode:        ${effectiveMode}${opts.mode ? "" : " (auto-detected)"}`);
-  console.log(`  remote:      ${describeShape(remoteClass)}`);
-  console.log(
-    `  config:      ${configFile}${alreadyHasConfig ? " (existing)" : " (created)"}`
-  );
-  console.log(`  trust store: ${trustedKeysDir}/`);
-  console.log(
-    `  state db:    ${stateDbPath}${dbExisted ? " (existing)" : " (created)"}`
-  );
-  console.log(
-    `  your key:    ${keypair.fingerprint} ${keyCreated ? "(generated)" : "(existing)"}`
+  const body = { title, key: publicKey, read_only: false };
+  const r = spawnSync3(
+    "gh",
+    [
+      "api",
+      "-X",
+      "POST",
+      `/repos/${owner}/${repo}/keys`,
+      "--input",
+      "-"
+    ],
+    {
+      input: JSON.stringify(body),
+      stdio: ["pipe", "pipe", "pipe"],
+      encoding: "utf8"
+    }
   );
-  if (agentsMdAction !== "unchanged" && agentsMdAction !== "skipped") {
-    console.log(
-      `  AGENTS.md:   ${agentsMdAction} at repo root (${effectiveMode} guidance)`
-    );
+  if (r.status !== 0) {
+    const stderr = (r.stderr ?? "").trim();
+    const stdout = (r.stdout ?? "").trim();
+    const detail = stderr || stdout || `gh api exited ${r.status}`;
+    return {
+      status: "failed",
+      error: `${ctx}: ${detail}`
+    };
   }
-  if (claudeMdAction !== "unchanged" && claudeMdAction !== "skipped") {
-    console.log(
-      `  CLAUDE.md:   ${claudeMdAction} at repo root (auto-loaded by Claude Code)`
-    );
+  let parsed;
+  try {
+    parsed = JSON.parse(r.stdout);
+  } catch (err) {
+    return {
+      status: "failed",
+      error: `${ctx}: registered, but couldn't parse keyId from gh response (${err instanceof Error ? err.message : String(err)}). A keyId is required to wire the key into a Ruleset bypass actor; inspect with \`gh api /repos/${owner}/${repo}/keys\`.`
+    };
   }
-  console.log();
-  if (opts.bootstrapCommit !== false) {
-    printBootstrapCommitResult(runBootstrapCommit(repoRoot, scaffoldOrSync));
+  const keyId = typeof parsed.id === "number" ? parsed.id : NaN;
+  if (!Number.isFinite(keyId)) {
+    return {
+      status: "failed",
+      error: `${ctx}: registered, but gh response did not include a numeric keyId. A keyId is required to wire the key into a Ruleset bypass actor; inspect with \`gh api /repos/${owner}/${repo}/keys\`.`
+    };
   }
-  const ghProtectOpt = opts.ghProtect !== false;
-  if (ghProtectOpt && remoteClass.shape === "forge-direct" && remoteClass.forge === "github.com" && remoteClass.url) {
-    applyGitHubRulesetWithReporting(remoteClass.url);
-  }
-  for (const warning of warnings) {
-    console.error(warning);
-    console.error();
-  }
-  if (scaffoldOrSync === "scaffold") {
-    if (effectiveMode === "local-only") {
-      console.log(
-        "Local-only mode \u2014 your stamp config is committed but NOT enforced server-side."
-      );
-      console.log(
-        "Direct `git push origin main` will succeed. To enforce, deploy a stamp"
-      );
-      console.log(
-        "server (see docs/quickstart-server.md) and re-init with --mode server-gated."
-      );
-      console.log();
-    }
-    console.log("Next steps:");
-    if (opts.minimal) {
-      console.log(
-        "  1. Replace .stamp/reviewers/example.md with your own reviewer prompt."
-      );
-      console.log("  2. Or add more reviewers: `stamp reviewers add <name>`.");
-    } else {
-      console.log(
-        "  1. Read the scaffolded prompts in .stamp/reviewers/ \u2014 they're"
-      );
-      console.log(
-        "     starting points calibrated for generic TS/JS projects; customize"
-      );
-      console.log("     for your codebase. See docs/personas.md for guidance.");
-      console.log(
-        "  2. Optionally add `required_checks` to .stamp/config.yml (e.g."
-      );
-      console.log(`     \`npm run build\`, \`npm run typecheck\`).`);
-    }
-    console.log("  3. Commit the .stamp/ directory.");
-    console.log(
-      "  4. Share your public key (in .stamp/trusted-keys/) with any other"
-    );
-    console.log("     machines that will push to this repo.");
-  } else if (keyDeposited) {
-    console.log(
-      `Your public key was deposited at ${pubKeyPath}.`
-    );
-    console.log(
-      `Commit + push it so the remote will accept merges signed by this machine.`
-    );
-  } else {
-    console.log(
-      "Your key is already in .stamp/trusted-keys/. You're ready to review + merge."
-    );
-  }
-  console.log();
-  console.log(
-    "Privacy: every `stamp review` ships the diff to Anthropic via the Claude"
-  );
-  console.log(
-    `Agent SDK. See README "Data flow / privacy" for what's sent and how to`
+  return { status: "created", keyId };
+}
+function fetchDeployKeyPublic(owner, repo, keyId) {
+  const r = spawnSync3(
+    "gh",
+    ["api", `/repos/${owner}/${repo}/keys/${keyId}`, "--jq", ".key"],
+    { stdio: ["ignore", "pipe", "pipe"], encoding: "utf8" }
   );
-  console.log(
-    "opt out of the per-repo notice (STAMP_SUPPRESS_LLM_NOTICE=1)."
+  if (r.status !== 0) return null;
+  const trimmed = r.stdout.trim();
+  return trimmed.length > 0 ? trimmed : null;
+}
+function deleteDeployKey(owner, repo, keyId) {
+  const r = spawnSync3(
+    "gh",
+    ["api", "-X", "DELETE", `/repos/${owner}/${repo}/keys/${keyId}`],
+    { stdio: ["ignore", "pipe", "pipe"], encoding: "utf8" }
   );
-  if (agentsMdAction !== "skipped" || claudeMdAction !== "skipped") {
-    console.log();
-    const bar = "\u2500".repeat(72);
-    console.log(bar);
-    console.log("note: AI agents \u2014 read AGENTS.md at the repo root before any git command.");
-    console.log();
-    console.log("This repo is stamp-protected. Direct `git commit` to main and direct");
-    console.log("`git push origin main` are violations of the process, even when the");
-    console.log("remote accepts them. The required flow is:");
-    console.log();
-    console.log("  git checkout -b feature; <edit/commit on feature>;");
-    console.log("  stamp review --diff main..feature; stamp merge feature --into main;");
-    console.log("  git push origin main  (or `stamp push main` if origin is a stamp server).");
-    console.log();
-    console.log("Full reference: AGENTS.md (and CLAUDE.md) at the repo root.");
-    console.log(bar);
+  if (r.status === 0) return { status: "deleted" };
+  const stderr = (r.stderr ?? "").trim();
+  if (stderr.includes("HTTP 404") || /Not Found/i.test(stderr)) {
+    return { status: "deleted" };
   }
+  return {
+    status: "failed",
+    error: `${owner}/${repo} keyId=${keyId}: ${stderr || `gh api exited ${r.status}`}`
+  };
 }
-function runBootstrapCommit(repoRoot, scaffoldOrSync) {
-  if (scaffoldOrSync === "sync" || isPathTracked(".stamp/config.yml", repoRoot)) {
-    return { kind: "skipped-already-tracked" };
-  }
-  const toAdd = [".stamp"];
-  if (existsSync6(join4(repoRoot, "AGENTS.md"))) toAdd.push("AGENTS.md");
-  if (existsSync6(join4(repoRoot, "CLAUDE.md"))) toAdd.push("CLAUDE.md");
-  runGit(["add", ...toAdd], repoRoot);
-  let hasStagedChanges = false;
+function getRulesetBypassActors(owner, repo, rulesetId) {
+  const r = spawnSync3(
+    "gh",
+    [
+      "api",
+      `/repos/${owner}/${repo}/rulesets/${rulesetId}`,
+      "--jq",
+      ".bypass_actors"
+    ],
+    { stdio: ["ignore", "pipe", "pipe"], encoding: "utf8" }
+  );
+  if (r.status !== 0) return null;
   try {
-    runGit(["diff", "--cached", "--quiet"], repoRoot);
+    const parsed = JSON.parse(r.stdout);
+    if (!Array.isArray(parsed)) return null;
+    return parsed.filter((e) => {
+      if (typeof e !== "object" || e === null) return false;
+      const o = e;
+      return (typeof o["actor_id"] === "number" || o["actor_id"] === null) && typeof o["actor_type"] === "string" && typeof o["bypass_mode"] === "string";
+    });
   } catch {
-    hasStagedChanges = true;
+    return null;
   }
-  if (!hasStagedChanges) return { kind: "skipped-no-changes" };
-  runGit(
+}
+function replaceBypassActors(owner, repo, rulesetId, desiredActors) {
+  const current = getRulesetBypassActors(owner, repo, rulesetId);
+  if (current === null) {
+    return {
+      status: "failed",
+      error: `${owner}/${repo} ruleset ${rulesetId}: could not read current bypass_actors`
+    };
+  }
+  if (bypassActorListsEqual(current, desiredActors)) {
+    return { status: "unchanged" };
+  }
+  const body = { bypass_actors: desiredActors };
+  const r = spawnSync3(
+    "gh",
     [
-      "commit",
-      "-m",
-      "stamp: bootstrap config (one-time exception \u2014 every later commit goes through stamp review/merge)"
+      "api",
+      "-X",
+      "PUT",
+      `/repos/${owner}/${repo}/rulesets/${rulesetId}`,
+      "--input",
+      "-"
     ],
-    repoRoot
+    {
+      input: JSON.stringify(body),
+      stdio: ["pipe", "pipe", "pipe"],
+      encoding: "utf8"
+    }
   );
-  try {
-    runGit(["remote", "get-url", "origin"], repoRoot);
-  } catch {
-    return { kind: "did-commit" };
+  if (r.status !== 0) {
+    const stderr = (r.stderr ?? "").trim();
+    const stdout = (r.stdout ?? "").trim();
+    return {
+      status: "failed",
+      error: `${owner}/${repo} ruleset ${rulesetId}: ${stderr || stdout || `gh api exited ${r.status}`}`
+    };
+  }
+  return { status: "updated" };
+}
+function bypassActorListsEqual(a, b) {
+  if (a.length !== b.length) return false;
+  const aSet = new Set(a.map(normalizeBypassActor));
+  return b.every((e) => aSet.has(normalizeBypassActor(e)));
+}
+function normalizeBypassActor(e) {
+  const id = e.actor_type === "OrganizationAdmin" && (e.actor_id === null || e.actor_id === 1) ? "ORGADMIN" : String(e.actor_id);
+  return `${e.actor_type}:${id}:${e.bypass_mode}`;
+}
+function computeDesiredBypassActors(current, deployKeyId, flags) {
+  const out = [];
+  for (const a of current) {
+    if (a.actor_type === "OrganizationAdmin" && flags.removeOrgadmin) {
+      continue;
+    }
+    if (a.actor_type === "DeployKey") {
+      continue;
+    }
+    out.push(a);
   }
+  out.push({
+    actor_id: deployKeyId,
+    actor_type: "DeployKey",
+    bypass_mode: "always"
+  });
+  return out;
+}
+
+// src/lib/oteamConfig.ts
+import { existsSync as existsSync7, readFileSync as readFileSync6, renameSync as renameSync2, writeFileSync as writeFileSync6 } from "fs";
+import { homedir } from "os";
+import { join as join4 } from "path";
+var OTEAM_CONFIG_PATH = join4(homedir(), ".open-team", "config.json");
+function readOteamConfig(configPath = OTEAM_CONFIG_PATH) {
+  if (!existsSync7(configPath)) return null;
   try {
-    const branch = runGit(["rev-parse", "--abbrev-ref", "HEAD"], repoRoot).trim();
-    runGit(["push", "origin", branch], repoRoot);
-    return { kind: "did-commit-and-push" };
+    const parsed = JSON.parse(readFileSync6(configPath, "utf8"));
+    if (Array.isArray(parsed)) {
+      throw new Error("config must be a JSON object, not an array");
+    }
+    return parsed;
   } catch (err) {
-    return {
-      kind: "push-failed",
-      error: err instanceof Error ? err.message : String(err)
-    };
+    throw new Error(
+      `${configPath}: ${err instanceof Error ? err.message : String(err)}`
+    );
   }
 }
-function printBootstrapCommitResult(result) {
-  switch (result.kind) {
-    case "did-commit-and-push":
-      console.log(
-        "Bootstrap commit: created and pushed to origin. Every commit from now on goes through stamp review/merge."
-      );
-      break;
-    case "did-commit":
-      console.log(
-        "Bootstrap commit: created locally (no `origin` remote configured). Push when you've added one."
-      );
-      break;
-    case "push-failed":
-      console.log(
-        "warning: bootstrap commit created locally but `git push origin` failed."
-      );
-      console.log(`         underlying error: ${result.error}`);
-      console.log(
-        "         Resolve auth/network/branch-protection and run `git push origin` manually."
+function patchStampHost(host, configPath = OTEAM_CONFIG_PATH) {
+  let config2 = {};
+  if (existsSync7(configPath)) {
+    try {
+      const parsed = JSON.parse(readFileSync6(configPath, "utf8"));
+      if (typeof parsed === "object" && parsed !== null && !Array.isArray(parsed)) {
+        config2 = parsed;
+      }
+    } catch (err) {
+      throw new Error(
+        `${configPath}: ${err instanceof Error ? err.message : String(err)}`
       );
-      break;
-    case "skipped-no-changes":
-      break;
-    case "skipped-already-tracked":
-      break;
+    }
+  }
+  const existing = config2.stamp;
+  const stamp = typeof existing === "object" && existing !== null ? { ...existing } : {};
+  stamp["host"] = host;
+  config2["stamp"] = stamp;
+  const tmp = `${configPath}.tmp`;
+  try {
+    writeFileSync6(tmp, JSON.stringify(config2, null, 2) + "\n", "utf8");
+    renameSync2(tmp, configPath);
+  } catch (err) {
+    throw new Error(
+      `${configPath}: ${err instanceof Error ? err.message : String(err)}`
+    );
   }
 }
-function applyGitHubRulesetWithReporting(remoteUrl) {
-  const parsed = parseGithubOriginUrl(remoteUrl);
-  if (!parsed) {
-    return;
+
+// src/lib/serverConfig.ts
+import { existsSync as existsSync8, readFileSync as readFileSync7 } from "fs";
+import { parse as parseYaml4 } from "yaml";
+var DEFAULT_USER = "git";
+var DEFAULT_REPO_ROOT = "/srv/git";
+var USER_RE = /^[A-Za-z0-9_][A-Za-z0-9._-]*$/;
+var HOST_RE = /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/;
+var REPO_ROOT_RE = /^(\/[A-Za-z0-9_-][A-Za-z0-9._-]*)+\/?$/;
+function describeShape2(field) {
+  switch (field) {
+    case "user":
+      return "alphanumerics + . _ -, must not start with -";
+    case "host":
+      return "hostname-shaped (alphanumerics + . -, must start and end with alphanumeric)";
+    case "repo_root_prefix":
+      return "absolute path with alphanumeric/. _ - segments, no .. components";
   }
-  const ghCheck = checkGhAvailable();
-  if (!ghCheck.available) {
-    console.log(
-      `note: GitHub Ruleset auto-apply skipped \u2014 ${ghCheck.reason}.`
-    );
-    console.log(
-      `      For manual setup, see docs/github-ruleset-setup.md.`
+}
+function validateField(field, value, contextPath) {
+  const re = field === "user" ? USER_RE : field === "host" ? HOST_RE : REPO_ROOT_RE;
+  if (!re.test(value)) {
+    throw new Error(
+      `${contextPath}: '${field}' has an invalid shape (got ${JSON.stringify(value)}). Allowed: ${describeShape2(field)}.`
     );
-    console.log();
-    return;
   }
-  const user = lookupAuthenticatedUserId();
-  if (!user) {
-    console.log(
-      `note: GitHub Ruleset auto-apply skipped \u2014 couldn't look up the gh-authenticated user.`
-    );
-    console.log(
-      `      Try \`gh auth status\` to confirm authentication, then re-run \`stamp init\`.`
+}
+function loadServerConfig() {
+  const path2 = userServerConfigPath();
+  if (!existsSync8(path2)) return null;
+  let raw;
+  try {
+    raw = readFileSync7(path2, "utf8");
+  } catch (err) {
+    throw new Error(
+      `failed to read ${path2}: ${err instanceof Error ? err.message : String(err)}`
     );
-    console.log();
-    return;
   }
-  const ownerType = lookupRepoOwnerType(parsed.owner, parsed.repo);
-  if (ownerType === null) {
+  return parseServerConfig(raw, path2);
+}
+function parseServerConfig(raw, contextPath = "<inline>") {
+  const parsed = parseYaml4(raw);
+  if (!parsed || typeof parsed !== "object") {
+    throw new Error(`${contextPath}: must be a YAML mapping with at least 'host' and 'port'`);
+  }
+  const obj = parsed;
+  if (typeof obj.host !== "string" || !obj.host.trim()) {
+    throw new Error(`${contextPath}: 'host' is required and must be a non-empty string`);
+  }
+  if (typeof obj.port !== "number" || !Number.isInteger(obj.port) || obj.port < 1 || obj.port > 65535) {
+    throw new Error(`${contextPath}: 'port' is required and must be an integer 1..65535`);
+  }
+  const host = obj.host.trim();
+  validateField("host", host, contextPath);
+  const user = typeof obj.user === "string" && obj.user.trim() ? obj.user.trim() : DEFAULT_USER;
+  validateField("user", user, contextPath);
+  const repoRootPrefix = typeof obj.repo_root_prefix === "string" && obj.repo_root_prefix.trim() ? obj.repo_root_prefix.trim() : DEFAULT_REPO_ROOT;
+  validateField("repo_root_prefix", repoRootPrefix, contextPath);
+  return {
+    host,
+    port: obj.port,
+    user,
+    repoRootPrefix
+  };
+}
+function parseServerFlag(value, context = "--server") {
+  const m = value.trim().match(/^([^:]+):(\d+)$/);
+  if (!m) {
+    throw new Error(
+      `${context} must be in the form <host>:<port> (got "${value}")`
+    );
+  }
+  const port = Number(m[2]);
+  if (!Number.isInteger(port) || port < 1 || port > 65535) {
+    throw new Error(
+      `${context}: port must be an integer 1..65535 (got "${m[2]}")`
+    );
+  }
+  const host = m[1];
+  validateField("host", host, context);
+  return {
+    host,
+    port,
+    user: DEFAULT_USER,
+    repoRootPrefix: DEFAULT_REPO_ROOT
+  };
+}
+function bareRepoSshUrl(cfg, repoName) {
+  return `ssh://${cfg.user}@${cfg.host}:${cfg.port}${cfg.repoRootPrefix}/${repoName}.git`;
+}
+
+// src/commands/init.ts
+function runInit(opts = {}) {
+  const repoRoot = findRepoRoot();
+  const configDir = stampConfigDir(repoRoot);
+  const configFile = stampConfigFile(repoRoot);
+  const reviewersDir = stampReviewersDir(repoRoot);
+  const trustedKeysDir = stampTrustedKeysDir(repoRoot);
+  const stateDbPath = stampStateDbPath(repoRoot);
+  const remoteName = opts.remote ?? "origin";
+  const remoteClass = classifyRemote(remoteName, repoRoot);
+  const { effectiveMode, warnings } = resolveMode(opts.mode, remoteClass);
+  if (opts.mode === "server-gated" && remoteClass.shape === "forge-direct") {
+    throw new Error(
+      `--mode server-gated requires origin to be a stamp server, but ${describeShape(remoteClass)}.
+
+For server-gated enforcement, the recommended one-command path is:
+  stamp provision <name> --org <github-org>
+(needs ~/.stamp/server.yml with your stamp server's host + port, or --server <host>:<port>).
+That command handles the bare-repo creation, clone, bootstrap merge, GitHub mirror, and Ruleset.
+
+For local-only / advisory use against this GitHub repo: re-run with \`stamp init --mode local-only\`. That mode is honest about the lack of server-side enforcement (signed merges still work, but \`git push origin main\` will not be rejected by the remote).`
+    );
+  }
+  const alreadyHasConfig = existsSync9(configFile);
+  ensureDir(configDir);
+  ensureDir(reviewersDir);
+  ensureDir(trustedKeysDir);
+  if (!alreadyHasConfig) {
+    if (opts.minimal) {
+      writeFileSync7(configFile, stringifyConfig(MINIMAL_CONFIG));
+      writeFileSync7(join5(reviewersDir, "example.md"), EXAMPLE_REVIEWER_PROMPT);
+    } else {
+      writeFileSync7(configFile, stringifyConfig(DEFAULT_CONFIG));
+      writeFileSync7(
+        join5(reviewersDir, "security.md"),
+        DEFAULT_SECURITY_PROMPT
+      );
+      writeFileSync7(
+        join5(reviewersDir, "standards.md"),
+        DEFAULT_STANDARDS_PROMPT
+      );
+      writeFileSync7(
+        join5(reviewersDir, "product.md"),
+        DEFAULT_PRODUCT_PROMPT
+      );
+    }
+  }
+  const { keypair, created: keyCreated } = ensureUserKeypair();
+  const userCfg = loadOrCreateUserConfig();
+  const pubKeyPath = join5(
+    trustedKeysDir,
+    publicKeyFingerprintFilename(keypair.fingerprint)
+  );
+  const keyDeposited = !existsSync9(pubKeyPath);
+  if (keyDeposited) {
+    writeFileSync7(pubKeyPath, keypair.publicKeyPem);
+  }
+  const dbExisted = existsSync9(stateDbPath);
+  const db = openDb(stateDbPath);
+  db.close();
+  const agentsMdAction = opts.agentsMd === false ? "skipped" : ensureAgentsMd(repoRoot, effectiveMode);
+  const claudeMdAction = opts.claudeMd === false ? "skipped" : ensureClaudeMd(repoRoot);
+  const scaffoldOrSync = alreadyHasConfig ? "sync" : "scaffold";
+  console.log(
+    scaffoldOrSync === "scaffold" ? `stamp initialized (scaffolded fresh repo${opts.minimal ? " \u2014 minimal mode, single placeholder reviewer" : " with three starter reviewers"}).
+` : "stamp initialized (synced to existing .stamp/ config).\n"
+  );
+  console.log(`  repo root:   ${repoRoot}`);
+  console.log(`  mode:        ${effectiveMode}${opts.mode ? "" : " (auto-detected)"}`);
+  console.log(`  remote:      ${describeShape(remoteClass)}`);
+  console.log(
+    `  config:      ${configFile}${alreadyHasConfig ? " (existing)" : " (created)"}`
+  );
+  console.log(`  trust store: ${trustedKeysDir}/`);
+  console.log(
+    `  state db:    ${stateDbPath}${dbExisted ? " (existing)" : " (created)"}`
+  );
+  console.log(
+    `  your key:    ${keypair.fingerprint} ${keyCreated ? "(generated)" : "(existing)"}`
+  );
+  if (agentsMdAction !== "unchanged" && agentsMdAction !== "skipped") {
     console.log(
-      `note: GitHub Ruleset auto-apply skipped \u2014 couldn't determine whether ${parsed.owner}/${parsed.repo} is a personal or org repo.`
+      `  AGENTS.md:   ${agentsMdAction} at repo root (${effectiveMode} guidance)`
     );
-    console.log(`      For manual setup, see docs/github-ruleset-setup.md.`);
-    console.log();
-    return;
   }
-  const actor = ownerType === "Organization" ? { type: "OrganizationAdmin", id: 1 } : { type: "User", id: user.id };
-  const actorDescription = actor.type === "OrganizationAdmin" ? "any org admin (your gh-authed user must be one to push as bypass)" : `${user.login}, id ${user.id}`;
-  const result = applyStampRuleset(parsed.owner, parsed.repo, actor);
-  switch (result.status) {
-    case "created":
+  if (claudeMdAction !== "unchanged" && claudeMdAction !== "skipped") {
+    console.log(
+      `  CLAUDE.md:   ${claudeMdAction} at repo root (auto-loaded by Claude Code)`
+    );
+  }
+  console.log(
+    `  models:      ${userCfg.path}${userCfg.created ? " (created \u2014 Sonnet defaults; tweak with `stamp config reviewers set <name> <model-id>`)" : " (existing)"}`
+  );
+  console.log();
+  if (opts.bootstrapCommit !== false) {
+    printBootstrapCommitResult(runBootstrapCommit(repoRoot, scaffoldOrSync));
+  }
+  if (opts.oteam !== false) {
+    maybeOfferOteamHostFill();
+  }
+  const ghProtectOpt = opts.ghProtect !== false;
+  if (ghProtectOpt && remoteClass.shape === "forge-direct" && remoteClass.forge === "github.com" && remoteClass.url) {
+    applyGitHubRulesetWithReporting(remoteClass.url);
+  }
+  for (const warning of warnings) {
+    console.error(warning);
+    console.error();
+  }
+  if (scaffoldOrSync === "scaffold") {
+    if (effectiveMode === "local-only") {
       console.log(
-        `GitHub Ruleset: created stamp-mirror-only on ${parsed.owner}/${parsed.repo} (bypass actor: ${actorDescription}).`
+        "Local-only mode \u2014 your stamp config is committed but NOT enforced server-side."
       );
       console.log(
-        `                Direct \`git push origin main\` from any other identity will now be rejected by GitHub.`
+        "Direct `git push origin main` will succeed. To enforce, deploy a stamp"
       );
-      console.log();
-      break;
-    case "exists":
       console.log(
-        `GitHub Ruleset: stamp-mirror-only already present on ${parsed.owner}/${parsed.repo} (id ${result.rulesetId}). Not modified.`
+        "server (see docs/quickstart-server.md) and re-init with --mode server-gated."
       );
       console.log();
-      break;
-    case "failed":
+    }
+    console.log("Next steps:");
+    if (opts.minimal) {
       console.log(
-        `warning: GitHub Ruleset auto-apply failed: ${result.error}`
+        "  1. Replace .stamp/reviewers/example.md with your own reviewer prompt."
+      );
+      console.log("  2. Or add more reviewers: `stamp reviewers add <name>`.");
+    } else {
+      console.log(
+        "  1. Read the scaffolded prompts in .stamp/reviewers/ \u2014 they're"
       );
       console.log(
-        `         For manual setup, see docs/github-ruleset-setup.md.`
+        "     starting points calibrated for generic TS/JS projects; customize"
       );
-      console.log();
-      break;
+      console.log("     for your codebase. See docs/personas.md for guidance.");
+      console.log(
+        "  2. Optionally add `required_checks` to .stamp/config.yml (e.g."
+      );
+      console.log(`     \`npm run build\`, \`npm run typecheck\`).`);
+    }
+    console.log("  3. Commit the .stamp/ directory.");
+    console.log(
+      "  4. Share your public key (in .stamp/trusted-keys/) with any other"
+    );
+    console.log("     machines that will push to this repo.");
+  } else if (keyDeposited) {
+    console.log(
+      `Your public key was deposited at ${pubKeyPath}.`
+    );
+    console.log(
+      `Commit + push it so the remote will accept merges signed by this machine.`
+    );
+  } else {
+    console.log(
+      "Your key is already in .stamp/trusted-keys/. You're ready to review + merge."
+    );
+  }
+  console.log();
+  console.log(
+    "Privacy: every `stamp review` ships the diff to Anthropic via the Claude"
+  );
+  console.log(
+    `Agent SDK. See README "Data flow / privacy" for what's sent and how to`
+  );
+  console.log(
+    "opt out of the per-repo notice (STAMP_SUPPRESS_LLM_NOTICE=1)."
+  );
+  if (agentsMdAction !== "skipped" || claudeMdAction !== "skipped") {
+    console.log();
+    const bar = "\u2500".repeat(72);
+    console.log(bar);
+    console.log("note: AI agents \u2014 read AGENTS.md at the repo root before any git command.");
+    console.log();
+    console.log("This repo is stamp-protected. Direct `git commit` to main and direct");
+    console.log("`git push origin main` are violations of the process, even when the");
+    console.log("remote accepts them. The required flow is:");
+    console.log();
+    console.log("  git checkout -b feature; <edit/commit on feature>;");
+    console.log("  stamp review --diff main..feature; stamp merge feature --into main;");
+    console.log("  git push origin main  (or `stamp push main` if origin is a stamp server).");
+    console.log();
+    console.log("Full reference: AGENTS.md (and CLAUDE.md) at the repo root.");
+    console.log(bar);
   }
 }
-function resolveMode(userMode, remoteClass) {
-  const warnings = [];
-  if (userMode === "local-only") {
-    return { effectiveMode: "local-only", warnings };
+function runBootstrapCommit(repoRoot, scaffoldOrSync) {
+  if (scaffoldOrSync === "sync" || isPathTracked(".stamp/config.yml", repoRoot)) {
+    return { kind: "skipped-already-tracked" };
   }
-  if (userMode === "server-gated") {
-    return { effectiveMode: "server-gated", warnings };
+  const toAdd = [".stamp"];
+  if (existsSync9(join5(repoRoot, "AGENTS.md"))) toAdd.push("AGENTS.md");
+  if (existsSync9(join5(repoRoot, "CLAUDE.md"))) toAdd.push("CLAUDE.md");
+  runGit(["add", ...toAdd], repoRoot);
+  let hasStagedChanges = false;
+  try {
+    runGit(["diff", "--cached", "--quiet"], repoRoot);
+  } catch {
+    hasStagedChanges = true;
   }
-  switch (remoteClass.shape) {
-    case "stamp-server":
-      return { effectiveMode: "server-gated", warnings };
-    case "forge-direct":
-      warnings.push(
-        `warning: ${describeShape(remoteClass)}.
-         Defaulting to --mode local-only because there's no stamp server in this picture.
-         The committed .stamp/ config will NOT be enforced \u2014 direct \`git push origin main\`
-         will succeed against this remote.
-         To enforce: deploy a stamp server (docs/quickstart-server.md) and re-run with
-         --mode server-gated. To silence this warning: pass --mode local-only explicitly.`
-      );
-      return { effectiveMode: "local-only", warnings };
-    case "unset":
-      warnings.push(
+  if (!hasStagedChanges) return { kind: "skipped-no-changes" };
+  runGit(
+    [
+      "commit",
+      "-m",
+      "stamp: bootstrap config (one-time exception \u2014 every later commit goes through stamp review/merge)"
+    ],
+    repoRoot
+  );
+  try {
+    runGit(["remote", "get-url", "origin"], repoRoot);
+  } catch {
+    return { kind: "did-commit" };
+  }
+  try {
+    const branch = runGit(["rev-parse", "--abbrev-ref", "HEAD"], repoRoot).trim();
+    runGit(["push", "origin", branch], repoRoot);
+    return { kind: "did-commit-and-push" };
+  } catch (err) {
+    return {
+      kind: "push-failed",
+      error: err instanceof Error ? err.message : String(err)
+    };
+  }
+}
+function printBootstrapCommitResult(result) {
+  switch (result.kind) {
+    case "did-commit-and-push":
+      console.log(
+        "Bootstrap commit: created and pushed to origin. Every commit from now on goes through stamp review/merge."
+      );
+      break;
+    case "did-commit":
+      console.log(
+        "Bootstrap commit: created locally (no `origin` remote configured). Push when you've added one."
+      );
+      break;
+    case "push-failed":
+      console.log(
+        "warning: bootstrap commit created locally but `git push origin` failed."
+      );
+      console.log(`         underlying error: ${result.error}`);
+      console.log(
+        "         Resolve auth/network/branch-protection and run `git push origin` manually."
+      );
+      break;
+    case "skipped-no-changes":
+      break;
+    case "skipped-already-tracked":
+      break;
+  }
+}
+function applyGitHubRulesetWithReporting(remoteUrl) {
+  const parsed = parseGithubOriginUrl(remoteUrl);
+  if (!parsed) {
+    return;
+  }
+  const ghCheck = checkGhAvailable();
+  if (!ghCheck.available) {
+    console.log(
+      `note: GitHub Ruleset auto-apply skipped \u2014 ${ghCheck.reason}.`
+    );
+    console.log(
+      `      For manual setup, see docs/github-ruleset-setup.md.`
+    );
+    console.log();
+    return;
+  }
+  const user = lookupAuthenticatedUserId();
+  if (!user) {
+    console.log(
+      `note: GitHub Ruleset auto-apply skipped \u2014 couldn't look up the gh-authenticated user.`
+    );
+    console.log(
+      `      Try \`gh auth status\` to confirm authentication, then re-run \`stamp init\`.`
+    );
+    console.log();
+    return;
+  }
+  const ownerType = lookupRepoOwnerType(parsed.owner, parsed.repo);
+  if (ownerType === null) {
+    console.log(
+      `note: GitHub Ruleset auto-apply skipped \u2014 couldn't determine whether ${parsed.owner}/${parsed.repo} is a personal or org repo.`
+    );
+    console.log(`      For manual setup, see docs/github-ruleset-setup.md.`);
+    console.log();
+    return;
+  }
+  const actor = ownerType === "Organization" ? { type: "OrganizationAdmin", id: 1 } : { type: "User", id: user.id };
+  const actorDescription = actor.type === "OrganizationAdmin" ? "any org admin (your gh-authed user must be one to push as bypass)" : `${user.login}, id ${user.id}`;
+  const result = applyStampRuleset(parsed.owner, parsed.repo, actor);
+  switch (result.status) {
+    case "created":
+      console.log(
+        `GitHub Ruleset: created stamp-mirror-only on ${parsed.owner}/${parsed.repo} (bypass actor: ${actorDescription}).`
+      );
+      console.log(
+        `                Direct \`git push origin main\` from any other identity will now be rejected by GitHub.`
+      );
+      console.log();
+      break;
+    case "exists":
+      console.log(
+        `GitHub Ruleset: stamp-mirror-only already present on ${parsed.owner}/${parsed.repo} (id ${result.rulesetId}). Not modified.`
+      );
+      console.log();
+      break;
+    case "failed":
+      console.log(
+        `warning: GitHub Ruleset auto-apply failed: ${result.error}`
+      );
+      console.log(
+        `         For manual setup, see docs/github-ruleset-setup.md.`
+      );
+      console.log();
+      break;
+  }
+}
+function maybeOfferOteamHostFill() {
+  if (!process.stdin.isTTY || !process.stdout.isTTY) return;
+  let oteamCfg;
+  try {
+    oteamCfg = readOteamConfig();
+  } catch {
+    return;
+  }
+  if (oteamCfg === null) return;
+  const cfg = oteamCfg;
+  const stamp = cfg.stamp;
+  if (stamp?.host) return;
+  let serverCfg;
+  try {
+    serverCfg = loadServerConfig();
+  } catch {
+    return;
+  }
+  if (!serverCfg) return;
+  const host = serverCfg.host;
+  process.stdout.write(
+    `Set oteam's \`stamp.host\` to "${host}"? [y/N] `
+  );
+  const answer = readLineSync().trim().toLowerCase();
+  if (answer !== "y" && answer !== "yes") return;
+  try {
+    patchStampHost(host);
+    console.log(
+      `oteam config: stamp.host set to "${host}" in ~/.open-team/config.json`
+    );
+    console.log();
+  } catch (err) {
+    console.log(
+      `warning: could not patch ~/.open-team/config.json: ${err instanceof Error ? err.message : String(err)}`
+    );
+    console.log();
+  }
+}
+function resolveMode(userMode, remoteClass) {
+  const warnings = [];
+  if (userMode === "local-only") {
+    return { effectiveMode: "local-only", warnings };
+  }
+  if (userMode === "server-gated") {
+    return { effectiveMode: "server-gated", warnings };
+  }
+  switch (remoteClass.shape) {
+    case "stamp-server":
+      return { effectiveMode: "server-gated", warnings };
+    case "forge-direct":
+      warnings.push(
+        `warning: ${describeShape(remoteClass)}.
+         Defaulting to --mode local-only because there's no stamp server in this picture.
+         The committed .stamp/ config will NOT be enforced \u2014 direct \`git push origin main\`
+         will succeed against this remote.
+         To enforce: deploy a stamp server (docs/quickstart-server.md) and re-run with
+         --mode server-gated. To silence this warning: pass --mode local-only explicitly.`
+      );
+      return { effectiveMode: "local-only", warnings };
+    case "unset":
+      warnings.push(
         `note: ${describeShape(remoteClass)}.
       Defaulting to --mode local-only because no remote means no detectable
       server-side enforcement. If you're about to point this at a stamp server,
@@ -2992,104 +3718,401 @@ function resolveMode(userMode, remoteClass) {
 }
 
 // src/commands/provision.ts
-import { spawnSync as spawnSync4 } from "child_process";
-import { existsSync as existsSync8, mkdtempSync, rmSync, writeFileSync as writeFileSync6 } from "fs";
+import { spawnSync as spawnSync6 } from "child_process";
+import { existsSync as existsSync11, mkdtempSync, readFileSync as readFileSync8, rmSync, writeFileSync as writeFileSync9 } from "fs";
 import { tmpdir } from "os";
-import { join as join5, resolve as resolvePath } from "path";
+import { join as join6, resolve as resolvePath } from "path";
+import { parse as parseYaml5 } from "yaml";
 
-// src/lib/serverConfig.ts
-import { existsSync as existsSync7, readFileSync as readFileSync5 } from "fs";
-import { parse as parseYaml3 } from "yaml";
-var DEFAULT_USER = "git";
-var DEFAULT_REPO_ROOT = "/srv/git";
-var USER_RE = /^[A-Za-z0-9_][A-Za-z0-9._-]*$/;
-var HOST_RE = /^[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$/;
-var REPO_ROOT_RE = /^(\/[A-Za-z0-9_-][A-Za-z0-9._-]*)+\/?$/;
-function describeShape2(field) {
-  switch (field) {
-    case "user":
-      return "alphanumerics + . _ -, must not start with -";
-    case "host":
-      return "hostname-shaped (alphanumerics + . -, must start and end with alphanumeric)";
-    case "repo_root_prefix":
-      return "absolute path with alphanumeric/. _ - segments, no .. components";
+// src/commands/server.ts
+import { spawnSync as spawnSync5 } from "child_process";
+import { existsSync as existsSync10, mkdirSync as mkdirSync4, renameSync as renameSync3, unlinkSync as unlinkSync2, writeFileSync as writeFileSync8 } from "fs";
+import { dirname as dirname4 } from "path";
+import { stringify as stringifyYaml2 } from "yaml";
+
+// src/lib/perRepoKey.ts
+var VALID_OWNER = /^[A-Za-z0-9-]+$/;
+var VALID_REPO = /^[A-Za-z0-9._-]+$/;
+var SSH_CLIENT_KEY_DIR = "/srv/git/.ssh-client-keys";
+function computePerRepoKeyPath(githubRepo) {
+  if (typeof githubRepo !== "string" || githubRepo.length === 0) {
+    throw new Error("computePerRepoKeyPath: githubRepo must be a non-empty string");
+  }
+  if (githubRepo.startsWith("-")) {
+    throw new Error(
+      `computePerRepoKeyPath: githubRepo must not start with '-': ${githubRepo}`
+    );
+  }
+  if (githubRepo.includes("..")) {
+    throw new Error(
+      `computePerRepoKeyPath: githubRepo must not contain '..': ${githubRepo}`
+    );
+  }
+  const slashCount = (githubRepo.match(/\//g) ?? []).length;
+  if (slashCount !== 1) {
+    throw new Error(
+      `computePerRepoKeyPath: githubRepo must be exactly <owner>/<repo>: ${githubRepo}`
+    );
+  }
+  const [owner, repo] = githubRepo.split("/");
+  if (!owner || !repo) {
+    throw new Error(
+      `computePerRepoKeyPath: owner and repo halves must both be non-empty: ${githubRepo}`
+    );
+  }
+  if (!VALID_OWNER.test(owner)) {
+    throw new Error(
+      `computePerRepoKeyPath: owner must match [A-Za-z0-9-]+ (got "${owner}" in "${githubRepo}")`
+    );
   }
+  if (!VALID_REPO.test(repo)) {
+    throw new Error(
+      `computePerRepoKeyPath: repo must match [A-Za-z0-9._-]+ (got "${repo}" in "${githubRepo}")`
+    );
+  }
+  return `${SSH_CLIENT_KEY_DIR}/${owner}_${repo}_ed25519`;
 }
-function validateField(field, value, contextPath) {
-  const re = field === "user" ? USER_RE : field === "host" ? HOST_RE : REPO_ROOT_RE;
-  if (!re.test(value)) {
+
+// src/commands/serverRepo.ts
+import { spawnSync as spawnSync4 } from "child_process";
+import { createInterface } from "readline";
+async function runServerRepoDelete(opts) {
+  const name = normalizeRepoName(opts.name);
+  if (opts.alsoGithub !== void 0) validateGithubRepoSpec(opts.alsoGithub);
+  const server2 = resolveServer(opts.server);
+  const action = opts.purge ? "PURGE (irreversible)" : "soft-delete (recoverable via restore)";
+  console.log(`About to ${action} bare repo: ${name}`);
+  console.log(`On server: ${server2.user}@${server2.host}:${server2.port}`);
+  if (opts.alsoGithub) {
+    console.log(
+      `Also: gh repo delete ${opts.alsoGithub} (PERMANENT, no GitHub-side undo)`
+    );
+  }
+  console.log();
+  if (!opts.yes) {
+    const expected = opts.purge ? `purge ${name}` : `delete ${name}`;
+    const got = await prompt(`Type "${expected}" to confirm: `);
+    if (got.trim() !== expected) {
+      console.log("note: aborted");
+      return;
+    }
+  }
+  const args = ["delete-stamp-repo", name];
+  if (opts.purge) args.push("--purge");
+  const result = spawnSync4(
+    "ssh",
+    ["-p", String(server2.port), "--", `${server2.user}@${server2.host}`, ...args],
+    { stdio: ["ignore", "inherit", "inherit"] }
+  );
+  if (result.status !== 0) {
     throw new Error(
-      `${contextPath}: '${field}' has an invalid shape (got ${JSON.stringify(value)}). Allowed: ${describeShape2(field)}.`
+      `server-side delete failed (exit ${result.status}). The bare repo on the stamp server was NOT touched. If you see "command not found", the server image is older than 0.7.3 \u2014 redeploy it first.`
     );
   }
+  if (!opts.purge) {
+    console.log();
+    console.log(`Recovery:`);
+    console.log(`  stamp server-repos restore ${name}                 # bring it back`);
+    console.log(`  stamp server-repos delete ${name} --purge          # nuke for real`);
+  }
+  if (opts.alsoGithub) {
+    if (!opts.yes) {
+      const expected = `delete github ${opts.alsoGithub}`;
+      const got = await prompt(
+        `Server-side done. To ALSO delete the GitHub mirror, type "${expected}" (or anything else to skip): `
+      );
+      if (got.trim() !== expected) {
+        console.log(
+          `note: skipped GitHub delete; mirror at https://github.com/${opts.alsoGithub} is intact`
+        );
+        return;
+      }
+    }
+    const ghResult = spawnSync4(
+      "gh",
+      ["repo", "delete", opts.alsoGithub, "--yes"],
+      { stdio: ["ignore", "inherit", "inherit"] }
+    );
+    if (ghResult.status !== 0) {
+      throw new Error(
+        `GitHub repo delete failed (exit ${ghResult.status}). Server-side delete already succeeded; the GitHub mirror is still present at https://github.com/${opts.alsoGithub}.`
+      );
+    }
+  }
 }
-function loadServerConfig() {
+async function runServerRepoRestore(opts) {
+  const name = normalizeRepoName(opts.name);
+  const asName = opts.asName !== void 0 ? normalizeRepoName(opts.asName) : void 0;
+  if (opts.from !== void 0) validateTrashEntryName(opts.from);
+  const server2 = resolveServer(opts.server);
+  const args = ["restore-stamp-repo", name];
+  if (opts.from) {
+    args.push("--from", opts.from);
+  }
+  if (asName) {
+    args.push("--as", asName);
+  }
+  const result = spawnSync4(
+    "ssh",
+    ["-p", String(server2.port), "--", `${server2.user}@${server2.host}`, ...args],
+    { stdio: ["ignore", "inherit", "inherit"] }
+  );
+  if (result.status !== 0) {
+    throw new Error(
+      `server-side restore failed (exit ${result.status}). Run \`stamp server-repos list --trash\` to see what's available.`
+    );
+  }
+}
+function runServerRepoList(opts) {
+  const server2 = resolveServer(opts.server);
+  if (opts.trash) {
+    const result2 = spawnSync4(
+      "ssh",
+      ["-p", String(server2.port), "--", `${server2.user}@${server2.host}`, "list-trash"],
+      { stdio: ["ignore", "inherit", "inherit"] }
+    );
+    if (result2.status !== 0) {
+      throw new Error(
+        `list --trash failed (exit ${result2.status}). If you see "command not found", the server image is older than 0.7.3 \u2014 redeploy it first.`
+      );
+    }
+    return;
+  }
+  const result = spawnSync4(
+    "ssh",
+    [
+      "-p",
+      String(server2.port),
+      "--",
+      `${server2.user}@${server2.host}`,
+      "ls",
+      "-1",
+      "/srv/git/"
+    ],
+    { stdio: ["ignore", "pipe", "inherit"], encoding: "utf8" }
+  );
+  if (result.status !== 0) {
+    throw new Error(`list failed (exit ${result.status}).`);
+  }
+  const entries = filterLiveBareRepoNames(result.stdout);
+  if (entries.length === 0) {
+    console.log("(no live bare repos)");
+    return;
+  }
+  for (const e of entries) console.log(e);
+}
+function resolveServer(serverFlag) {
+  const server2 = serverFlag ? parseServerFlag(serverFlag) : loadServerConfig();
+  if (!server2) {
+    throw new Error(
+      `no stamp server configured. Either:
+  - create ~/.stamp/server.yml with at least:
+      host: <ssh-host>
+      port: <ssh-port>
+  - or pass --server <host>:<port> on the command line.`
+    );
+  }
+  return server2;
+}
+var UsageError = class extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "UsageError";
+  }
+};
+function normalizeRepoName(name) {
+  const canonical = name.endsWith(".git") ? name.slice(0, -4) : name;
+  validateRepoName(canonical);
+  return canonical;
+}
+function filterLiveBareRepoNames(rawOutput) {
+  return rawOutput.split("\n").map((s) => s.trim()).filter(Boolean).filter((s) => s.endsWith(".git")).map((s) => s.slice(0, -4)).filter((s) => s.length > 0);
+}
+function validateRepoName(name) {
+  if (!/^[A-Za-z0-9_][A-Za-z0-9._-]*$/.test(name) || name.includes("..")) {
+    throw new UsageError(
+      `repo name must start with [A-Za-z0-9_], match [A-Za-z0-9._-]+, and not contain '..' (got "${name}")`
+    );
+  }
+}
+function validateTrashEntryName(entry) {
+  if (!/^[0-9]{8}T[0-9]{6}Z-[A-Za-z0-9_][A-Za-z0-9._-]*\.git$/.test(entry)) {
+    throw new UsageError(
+      `--from must match <YYYYMMDDTHHMMSSZ>-<name>.git (got "${entry}"). Run \`stamp server-repos list --trash\` to see valid entry names.`
+    );
+  }
+}
+function validateGithubRepoSpec(spec) {
+  if (!/^[A-Za-z0-9_][A-Za-z0-9-]*\/[A-Za-z0-9_][A-Za-z0-9._-]*$/.test(spec)) {
+    throw new UsageError(
+      `--also-github must be <owner>/<repo> with no leading '-' on either segment (got "${spec}")`
+    );
+  }
+}
+function prompt(question) {
+  const rl = createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve2) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve2(answer);
+    });
+  });
+}
+
+// src/commands/server.ts
+function formatServerConfigYaml(opts) {
+  const body = {
+    host: opts.host,
+    port: opts.port
+  };
+  if (opts.user && opts.user.trim()) body.user = opts.user.trim();
+  if (opts.repoRootPrefix && opts.repoRootPrefix.trim()) {
+    body.repo_root_prefix = opts.repoRootPrefix.trim();
+  }
+  return stringifyYaml2(body);
+}
+function runServerConfig(opts) {
+  const modes = [opts.hostPort, opts.show, opts.unset].filter(Boolean).length;
+  if (modes !== 1) {
+    throw new UsageError(
+      "stamp server config: provide exactly one of <host:port>, --show, or --unset"
+    );
+  }
+  if ((opts.show || opts.unset) && (opts.user || opts.repoRootPrefix)) {
+    throw new UsageError(
+      "stamp server config: --user and --repo-root-prefix only apply when writing (they conflict with --show / --unset)"
+    );
+  }
+  if (opts.show) return showConfig();
+  if (opts.unset) return unsetConfig();
+  return writeConfig(opts);
+}
+function showConfig() {
   const path2 = userServerConfigPath();
-  if (!existsSync7(path2)) return null;
-  let raw;
-  try {
-    raw = readFileSync5(path2, "utf8");
-  } catch (err) {
+  if (!existsSync10(path2)) {
+    console.log(`note: no stamp server configured (${path2} does not exist)`);
+    console.log(`note: run \`stamp server config <host:port>\` to create one`);
+    return;
+  }
+  const cfg = loadServerConfig();
+  if (!cfg) {
+    console.log(`note: no stamp server configured`);
+    return;
+  }
+  console.log(`config:           ${path2}`);
+  console.log(`host:             ${cfg.host}`);
+  console.log(`port:             ${cfg.port}`);
+  console.log(`user:             ${cfg.user}`);
+  console.log(`repo_root_prefix: ${cfg.repoRootPrefix}`);
+}
+function unsetConfig() {
+  const path2 = userServerConfigPath();
+  if (!existsSync10(path2)) {
+    console.log(`note: ${path2} does not exist; nothing to remove`);
+    return;
+  }
+  unlinkSync2(path2);
+  console.log(`removed ${path2}`);
+}
+function fetchServerPubkey(server2, mirror) {
+  const sshArgs = [
+    "-p",
+    String(server2.port),
+    "--",
+    `${server2.user}@${server2.host}`,
+    "stamp-server-pubkey"
+  ];
+  if (mirror) {
+    sshArgs.push(`${mirror.owner}/${mirror.repo}`);
+  }
+  const result = spawnSync5("ssh", sshArgs, {
+    stdio: ["ignore", "pipe", "inherit"],
+    encoding: "utf8"
+  });
+  if (result.status !== 0) {
+    const target = mirror ? ` for ${mirror.owner}/${mirror.repo}` : "";
     throw new Error(
-      `failed to read ${path2}: ${err instanceof Error ? err.message : String(err)}`
+      `stamp server pubkey${target} failed (exit ${result.status}) against ${server2.user}@${server2.host}:${server2.port}. If you see "command not found", the server image predates the deploy-key feature \u2014 redeploy it first.`
     );
   }
-  return parseServerConfig(raw, path2);
+  return result.stdout.trim();
 }
-function parseServerConfig(raw, contextPath = "<inline>") {
-  const parsed = parseYaml3(raw);
-  if (!parsed || typeof parsed !== "object") {
-    throw new Error(`${contextPath}: must be a YAML mapping with at least 'host' and 'port'`);
+function runServerPubkey(opts) {
+  const server2 = resolveServer(opts.server);
+  let mirror;
+  if (opts.repo) {
+    try {
+      computePerRepoKeyPath(opts.repo);
+    } catch (err) {
+      throw new UsageError(
+        `--repo ${err instanceof Error ? err.message.replace(/^computePerRepoKeyPath:\s*/, "") : String(err)}`
+      );
+    }
+    const slashIdx = opts.repo.indexOf("/");
+    mirror = {
+      owner: opts.repo.slice(0, slashIdx),
+      repo: opts.repo.slice(slashIdx + 1)
+    };
   }
-  const obj = parsed;
-  if (typeof obj.host !== "string" || !obj.host.trim()) {
-    throw new Error(`${contextPath}: 'host' is required and must be a non-empty string`);
+  const pubkey = fetchServerPubkey(server2, mirror);
+  process.stdout.write(`${pubkey}
+`);
+}
+function writeConfig(opts) {
+  let parsed;
+  try {
+    parsed = parseServerFlag(opts.hostPort, "stamp server config: <host:port>");
+  } catch (err) {
+    throw new UsageError(err instanceof Error ? err.message : String(err));
   }
-  if (typeof obj.port !== "number" || !Number.isInteger(obj.port) || obj.port < 1 || obj.port > 65535) {
-    throw new Error(`${contextPath}: 'port' is required and must be an integer 1..65535`);
+  const yaml = formatServerConfigYaml({
+    host: parsed.host,
+    port: parsed.port,
+    user: opts.user,
+    repoRootPrefix: opts.repoRootPrefix
+  });
+  const path2 = userServerConfigPath();
+  const dir = dirname4(path2);
+  if (!existsSync10(dir)) mkdirSync4(dir, { recursive: true, mode: 448 });
+  const tmp = `${path2}.tmp.${process.pid}`;
+  writeFileSync8(tmp, yaml, { mode: 384 });
+  renameSync3(tmp, path2);
+  console.log(`wrote ${path2}`);
+  console.log(`host:             ${parsed.host}`);
+  console.log(`port:             ${parsed.port}`);
+  if (opts.user && opts.user.trim()) {
+    console.log(`user:             ${opts.user.trim()}`);
+  }
+  if (opts.repoRootPrefix && opts.repoRootPrefix.trim()) {
+    console.log(`repo_root_prefix: ${opts.repoRootPrefix.trim()}`);
   }
-  const host = obj.host.trim();
-  validateField("host", host, contextPath);
-  const user = typeof obj.user === "string" && obj.user.trim() ? obj.user.trim() : DEFAULT_USER;
-  validateField("user", user, contextPath);
-  const repoRootPrefix = typeof obj.repo_root_prefix === "string" && obj.repo_root_prefix.trim() ? obj.repo_root_prefix.trim() : DEFAULT_REPO_ROOT;
-  validateField("repo_root_prefix", repoRootPrefix, contextPath);
-  return {
-    host,
-    port: obj.port,
-    user,
-    repoRootPrefix
-  };
 }
-function parseServerFlag(value, context = "--server") {
-  const m = value.trim().match(/^([^:]+):(\d+)$/);
-  if (!m) {
+
+// src/commands/provision.ts
+async function runProvision(opts) {
+  if (opts.migrateExisting && opts.migrateBypass) {
     throw new Error(
-      `${context} must be in the form <host>:<port> (got "${value}")`
+      `--migrate-existing and --migrate-bypass are mutually exclusive: the first moves a forge-direct repo to server-gated topology, the second changes the bypass-actor shape on an already-server-gated repo.`
     );
   }
-  const port = Number(m[2]);
-  if (!Number.isInteger(port) || port < 1 || port > 65535) {
+  if (opts.removeOrgadmin && !opts.migrateBypass) {
     throw new Error(
-      `${context}: port must be an integer 1..65535 (got "${m[2]}")`
+      `--remove-orgadmin is only meaningful with --migrate-bypass`
     );
   }
-  const host = m[1];
-  validateField("host", host, context);
-  return {
-    host,
-    port,
-    user: DEFAULT_USER,
-    repoRootPrefix: DEFAULT_REPO_ROOT
-  };
-}
-function bareRepoSshUrl(cfg, repoName) {
-  return `ssh://${cfg.user}@${cfg.host}:${cfg.port}${cfg.repoRootPrefix}/${repoName}.git`;
-}
-
-// src/commands/provision.ts
-async function runProvision(opts) {
-  validateRepoName(opts.name);
+  if (!opts.migrateBypass) {
+    if (!opts.name) {
+      throw new Error(
+        `stamp provision requires a <name> argument (the bare repo name on the stamp server). If you meant to migrate an already-server-gated repo's Ruleset bypass instead, pass --migrate-bypass (identifies the target via cwd's .stamp/mirror.yml; no <name> needed).`
+      );
+    }
+    validateRepoName2(opts.name);
+  } else if (opts.name) {
+    console.log(
+      `note: <name> argument ignored under --migrate-bypass; the target is identified by .stamp/mirror.yml in the cwd.`
+    );
+    console.log();
+  }
   if (opts.org !== void 0) validateOrgName(opts.org);
   const server2 = opts.server ? parseServerFlag(opts.server) : loadServerConfig();
   if (!server2) {
@@ -3103,12 +4126,16 @@ async function runProvision(opts) {
 See docs/quickstart-server.md for how to deploy a stamp server first.`
     );
   }
+  if (opts.migrateBypass) {
+    await runMigrateBypass(opts, server2);
+    return;
+  }
   if (opts.migrateExisting) {
     await runMigrateExisting(opts, server2);
     return;
   }
   const cloneTarget = resolvePath(opts.into ?? opts.name);
-  if (existsSync8(cloneTarget)) {
+  if (existsSync11(cloneTarget)) {
     throw new Error(
       `clone destination already exists: ${cloneTarget}. Move or remove it, or pass --into <other-path>.`
     );
@@ -3136,11 +4163,11 @@ Provisioning bare repo on ${server2.host}:${server2.port}`);
   process.chdir(cloneTarget);
   await runBootstrap({});
   if (mirrorRepo && !opts.noRuleset) {
-    applyMirrorRuleset(mirrorRepo);
+    applyMirrorRuleset(mirrorRepo, server2);
   }
   printSuccess({ cloneTarget, server: server2, repoName: opts.name, mirrorRepo });
 }
-function validateRepoName(name) {
+function validateRepoName2(name) {
   if (!/^[A-Za-z0-9_][A-Za-z0-9._-]*$/.test(name)) {
     throw new Error(
       `repo name must start with [A-Za-z0-9_] and match [A-Za-z0-9._-]+ (got "${name}")`
@@ -3173,13 +4200,19 @@ function printPlan2(args) {
   }
   if (args.opts.org && !args.opts.noMirror && !args.opts.noRuleset) {
     console.log(fmt("GitHub Ruleset", "apply stamp-mirror-only on the mirror repo"));
+    console.log(
+      fmt(
+        "bypass actor",
+        `org repo \u2192 stamp-server deploy key "${STAMP_MIRROR_DEPLOY_KEY_TITLE}" (auto-registered or reused); personal repo \u2192 your gh-authed user`
+      )
+    );
   } else {
     console.log(fmt("GitHub Ruleset", "skipped"));
   }
   console.log(bar);
 }
 function provisionBareRepoOnServer(server2, name) {
-  const result = spawnSync4(
+  const result = spawnSync6(
     "ssh",
     [
       "-p",
@@ -3205,7 +4238,7 @@ function createGithubMirrorRepo(owner, repo, privateRepo) {
     );
   }
   const visibility = privateRepo ? "--private" : "--public";
-  const result = spawnSync4(
+  const result = spawnSync6(
     "gh",
     ["repo", "create", `${owner}/${repo}`, visibility],
     { stdio: ["ignore", "inherit", "inherit"] }
@@ -3228,28 +4261,67 @@ function writeMirrorYml(cloneTarget, mirror) {
   #   - "v*"
 `;
   const path2 = `${cloneTarget}/.stamp/mirror.yml`;
-  writeFileSync6(path2, yml);
+  writeFileSync9(path2, yml);
   console.log(`Wrote mirror.yml \u2192 .stamp/mirror.yml (${mirror.owner}/${mirror.repo})`);
 }
-function applyMirrorRuleset(mirror) {
-  const user = lookupAuthenticatedUserId();
-  if (!user) {
+function applyMirrorRuleset(mirror, server2) {
+  const existing = findExistingStampRuleset(mirror.owner, mirror.repo);
+  if (existing !== null) {
     console.log(
-      `note: GitHub Ruleset auto-apply skipped \u2014 couldn't look up the gh-authenticated user.`
+      `GitHub Ruleset: stamp-mirror-only already present on ${mirror.owner}/${mirror.repo}. Not modified.`
     );
-    console.log(`      Try \`gh auth status\` and re-apply manually via docs/github-ruleset-setup.md.`);
     return;
   }
   const ownerType = lookupRepoOwnerType(mirror.owner, mirror.repo);
   if (ownerType === null) {
     console.log(
-      `note: GitHub Ruleset auto-apply skipped \u2014 couldn't determine whether ${mirror.owner}/${mirror.repo} is a personal or org repo.`
+      `warning: GitHub Ruleset auto-apply skipped \u2014 couldn't determine whether ${mirror.owner}/${mirror.repo} is a personal or org repo.`
     );
-    console.log(`      For manual setup, see docs/github-ruleset-setup.md.`);
+    console.log(`         For manual setup, see docs/github-ruleset-setup.md.`);
     return;
   }
-  const actor = ownerType === "Organization" ? { type: "OrganizationAdmin", id: 1 } : { type: "User", id: user.id };
-  const actorDescription = actor.type === "OrganizationAdmin" ? "any org admin (your gh-authed user must be one to push as bypass)" : `${user.login}, id ${user.id}`;
+  let actor;
+  let actorDescription;
+  if (ownerType === "Organization") {
+    let pubkey;
+    try {
+      pubkey = fetchServerPubkey(server2, mirror);
+    } catch (err) {
+      console.log(
+        `warning: GitHub Ruleset auto-apply skipped \u2014 couldn't fetch stamp server pubkey: ${err instanceof Error ? err.message : String(err)}`
+      );
+      console.log(`         For manual setup, see docs/github-ruleset-setup.md.`);
+      return;
+    }
+    const reg = registerDeployKey(
+      mirror.owner,
+      mirror.repo,
+      STAMP_MIRROR_DEPLOY_KEY_TITLE,
+      pubkey
+    );
+    if (reg.status === "failed") {
+      console.log(`warning: GitHub Ruleset auto-apply skipped \u2014 deploy-key registration failed: ${reg.error}`);
+      console.log(`         For manual setup, see docs/github-ruleset-setup.md.`);
+      return;
+    }
+    const verb = reg.status === "created" ? "registered" : "reused";
+    console.log(
+      `Deploy key: ${verb} "${STAMP_MIRROR_DEPLOY_KEY_TITLE}" on ${mirror.owner}/${mirror.repo} (id ${reg.keyId}).`
+    );
+    actor = { type: "DeployKey", id: reg.keyId };
+    actorDescription = `stamp-server deploy key "${STAMP_MIRROR_DEPLOY_KEY_TITLE}", id ${reg.keyId}`;
+  } else {
+    const user = lookupAuthenticatedUserId();
+    if (!user) {
+      console.log(
+        `warning: GitHub Ruleset auto-apply skipped \u2014 couldn't look up the gh-authenticated user.`
+      );
+      console.log(`         Try \`gh auth status\` and re-apply manually via docs/github-ruleset-setup.md.`);
+      return;
+    }
+    actor = { type: "User", id: user.id };
+    actorDescription = `${user.login}, id ${user.id}`;
+  }
   const result = applyStampRuleset(mirror.owner, mirror.repo, actor);
   switch (result.status) {
     case "created":
@@ -3313,9 +4385,9 @@ async function runMigrateExisting(opts, server2) {
     console.log("\n(dry run \u2014 no changes made)");
     return;
   }
-  const stagingDir = mkdtempSync(join5(tmpdir(), "stamp-migrate-"));
-  const bareCloneDir = join5(stagingDir, `${opts.name}.git`);
-  const tarballPath = join5(stagingDir, `${opts.name}.tar.gz`);
+  const stagingDir = mkdtempSync(join6(tmpdir(), "stamp-migrate-"));
+  const bareCloneDir = join6(stagingDir, `${opts.name}.git`);
+  const tarballPath = join6(stagingDir, `${opts.name}.tar.gz`);
   try {
     console.log(`
 Building bare-clone tarball of existing repo`);
@@ -3337,7 +4409,7 @@ Building bare-clone tarball of existing repo`);
     writeMirrorYml(repoRoot, mirrorParse);
   }
   if (!opts.noMirror && !opts.noRuleset) {
-    applyMirrorRuleset(mirrorParse);
+    applyMirrorRuleset(mirrorParse, server2);
   }
   printMigrateSuccess({ repoRoot, server: server2, repoName: opts.name, mirror: mirrorParse, opts });
 }
@@ -3351,9 +4423,9 @@ function ensureCwdIsGitRepo(cwd) {
   }
 }
 function ensureStampInitDone(cwd) {
-  if (!existsSync8(join5(cwd, ".stamp", "config.yml"))) {
+  if (!existsSync11(join6(cwd, ".stamp", "config.yml"))) {
     throw new Error(
-      `--migrate-existing expects this repo to already be stamp-init'd (${join5(cwd, ".stamp/config.yml")} not found). Run \`stamp init --mode local-only\` first, calibrate your reviewers, then re-run with --migrate-existing.`
+      `--migrate-existing expects this repo to already be stamp-init'd (${join6(cwd, ".stamp/config.yml")} not found). Run \`stamp init --mode local-only\` first, calibrate your reviewers, then re-run with --migrate-existing.`
     );
   }
 }
@@ -3383,7 +4455,7 @@ function ensureWorkingTreeClean(cwd) {
   }
 }
 function runTarGz(parentDir, dirName, outputPath) {
-  const result = spawnSync4("tar", ["-czf", outputPath, "-C", parentDir, dirName], {
+  const result = spawnSync6("tar", ["-czf", outputPath, "-C", parentDir, dirName], {
     stdio: ["ignore", "inherit", "inherit"]
   });
   if (result.status !== 0) {
@@ -3393,7 +4465,7 @@ function runTarGz(parentDir, dirName, outputPath) {
   }
 }
 function scpToServer(server2, localPath, remotePath) {
-  const result = spawnSync4(
+  const result = spawnSync6(
     "scp",
     [
       "-P",
@@ -3411,7 +4483,7 @@ function scpToServer(server2, localPath, remotePath) {
   }
 }
 function sshRunNewStampRepoFromTarball(server2, name, remoteTarballPath) {
-  const result = spawnSync4(
+  const result = spawnSync6(
     "ssh",
     [
       "-p",
@@ -3477,196 +4549,249 @@ mirror.yml was added to .stamp/. Commit it through the normal stamp flow:`);
     console.log(`  stamp push main`);
   }
 }
-
-// src/commands/serverRepo.ts
-import { spawnSync as spawnSync5 } from "child_process";
-import { createInterface } from "readline";
-async function runServerRepoDelete(opts) {
-  const name = normalizeRepoName(opts.name);
-  if (opts.alsoGithub !== void 0) validateGithubRepoSpec(opts.alsoGithub);
-  const server2 = resolveServer(opts.server);
-  const action = opts.purge ? "PURGE (irreversible)" : "soft-delete (recoverable via restore)";
-  console.log(`About to ${action} bare repo: ${name}`);
-  console.log(`On server: ${server2.user}@${server2.host}:${server2.port}`);
-  if (opts.alsoGithub) {
-    console.log(
-      `Also: gh repo delete ${opts.alsoGithub} (PERMANENT, no GitHub-side undo)`
+function readMirrorYmlGithubRepo(repoRoot) {
+  const path2 = join6(repoRoot, ".stamp", "mirror.yml");
+  if (!existsSync11(path2)) {
+    throw new Error(
+      `${path2} not found \u2014 --migrate-bypass operates on an already-server-gated repo, but this cwd has no .stamp/mirror.yml. If the repo is not yet server-gated, provision it first with \`stamp provision --migrate-existing\`.`
     );
   }
-  console.log();
-  if (!opts.yes) {
-    const expected = opts.purge ? `purge ${name}` : `delete ${name}`;
-    const got = await prompt(`Type "${expected}" to confirm: `);
-    if (got.trim() !== expected) {
-      console.log("note: aborted");
-      return;
-    }
-  }
-  const args = ["delete-stamp-repo", name];
-  if (opts.purge) args.push("--purge");
-  const result = spawnSync5(
-    "ssh",
-    ["-p", String(server2.port), "--", `${server2.user}@${server2.host}`, ...args],
-    { stdio: ["ignore", "inherit", "inherit"] }
-  );
-  if (result.status !== 0) {
+  let raw;
+  try {
+    raw = readFileSync8(path2, "utf8");
+  } catch (err) {
     throw new Error(
-      `server-side delete failed (exit ${result.status}). The bare repo on the stamp server was NOT touched. If you see "command not found", the server image is older than 0.7.3 \u2014 redeploy it first.`
+      `could not read ${path2}: ${err instanceof Error ? err.message : String(err)}`
     );
   }
-  if (!opts.purge) {
-    console.log();
-    console.log(`Recovery:`);
-    console.log(`  stamp server-repos restore ${name}                 # bring it back`);
-    console.log(`  stamp server-repos delete ${name} --purge          # nuke for real`);
-  }
-  if (opts.alsoGithub) {
-    if (!opts.yes) {
-      const expected = `delete github ${opts.alsoGithub}`;
-      const got = await prompt(
-        `Server-side done. To ALSO delete the GitHub mirror, type "${expected}" (or anything else to skip): `
-      );
-      if (got.trim() !== expected) {
-        console.log(
-          `note: skipped GitHub delete; mirror at https://github.com/${opts.alsoGithub} is intact`
-        );
-        return;
-      }
-    }
-    const ghResult = spawnSync5(
-      "gh",
-      ["repo", "delete", opts.alsoGithub, "--yes"],
-      { stdio: ["ignore", "inherit", "inherit"] }
+  let parsed;
+  try {
+    parsed = parseYaml5(raw);
+  } catch (err) {
+    throw new Error(
+      `${path2} failed to parse as YAML: ${err instanceof Error ? err.message : String(err)}`
     );
-    if (ghResult.status !== 0) {
-      throw new Error(
-        `GitHub repo delete failed (exit ${ghResult.status}). Server-side delete already succeeded; the GitHub mirror is still present at https://github.com/${opts.alsoGithub}.`
-      );
-    }
   }
-}
-async function runServerRepoRestore(opts) {
-  const name = normalizeRepoName(opts.name);
-  const asName = opts.asName !== void 0 ? normalizeRepoName(opts.asName) : void 0;
-  if (opts.from !== void 0) validateTrashEntryName(opts.from);
-  const server2 = resolveServer(opts.server);
-  const args = ["restore-stamp-repo", name];
-  if (opts.from) {
-    args.push("--from", opts.from);
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new Error(`${path2} is empty or not a map`);
   }
-  if (asName) {
-    args.push("--as", asName);
+  const obj = parsed;
+  const gh = obj["github"];
+  if (!gh || typeof gh !== "object" || Array.isArray(gh)) {
+    throw new Error(`${path2} has no usable 'github' map`);
   }
-  const result = spawnSync5(
-    "ssh",
-    ["-p", String(server2.port), "--", `${server2.user}@${server2.host}`, ...args],
-    { stdio: ["ignore", "inherit", "inherit"] }
-  );
-  if (result.status !== 0) {
+  const repoStr = gh["repo"];
+  if (typeof repoStr !== "string" || !/^[A-Za-z0-9._-]+\/[A-Za-z0-9._-]+$/.test(repoStr)) {
     throw new Error(
-      `server-side restore failed (exit ${result.status}). Run \`stamp server-repos list --trash\` to see what's available.`
+      `${path2} github.repo is missing or not of form 'owner/repo' (got ${JSON.stringify(repoStr)})`
     );
   }
+  const slashIdx = repoStr.indexOf("/");
+  return {
+    owner: repoStr.slice(0, slashIdx),
+    repo: repoStr.slice(slashIdx + 1)
+  };
 }
-function runServerRepoList(opts) {
-  const server2 = resolveServer(opts.server);
-  if (opts.trash) {
-    const result2 = spawnSync5(
-      "ssh",
-      ["-p", String(server2.port), "--", `${server2.user}@${server2.host}`, "list-trash"],
-      { stdio: ["ignore", "inherit", "inherit"] }
+async function runMigrateBypass(opts, server2) {
+  const repoRoot = process.cwd();
+  const mirror = readMirrorYmlGithubRepo(repoRoot);
+  const ghCheck = checkGhAvailable();
+  if (!ghCheck.available) {
+    throw new Error(
+      `--migrate-bypass requires gh: ${ghCheck.reason}. Install/authenticate gh, then re-run.`
     );
-    if (result2.status !== 0) {
-      throw new Error(
-        `list --trash failed (exit ${result2.status}). If you see "command not found", the server image is older than 0.7.3 \u2014 redeploy it first.`
-      );
-    }
+  }
+  printMigrateBypassPlan({ mirror, server: server2, opts });
+  if (opts.dryRun) {
+    console.log("\n(dry run \u2014 no changes made)");
     return;
   }
-  const result = spawnSync5(
-    "ssh",
-    [
-      "-p",
-      String(server2.port),
-      "--",
-      `${server2.user}@${server2.host}`,
-      "ls",
-      "-1",
-      "/srv/git/"
-    ],
-    { stdio: ["ignore", "pipe", "inherit"], encoding: "utf8" }
+  console.log(`
+Fetching per-repo deploy key from stamp server`);
+  let pubkey;
+  try {
+    pubkey = fetchServerPubkey(server2, mirror);
+  } catch (err) {
+    throw new Error(
+      `failed to fetch per-repo pubkey for ${mirror.owner}/${mirror.repo} from ${server2.user}@${server2.host}:${server2.port}: ${err instanceof Error ? err.message : String(err)}`
+    );
+  }
+  console.log(`Checking existing deploy keys on ${mirror.owner}/${mirror.repo}`);
+  const existingKeyId = findDeployKey(
+    mirror.owner,
+    mirror.repo,
+    STAMP_MIRROR_DEPLOY_KEY_TITLE
   );
-  if (result.status !== 0) {
-    throw new Error(`list failed (exit ${result.status}).`);
+  let deployKeyId;
+  if (existingKeyId !== null) {
+    const existingBody = fetchDeployKeyPublic(
+      mirror.owner,
+      mirror.repo,
+      existingKeyId
+    );
+    if (existingBody === pubkey) {
+      console.log(
+        `Deploy key: "${STAMP_MIRROR_DEPLOY_KEY_TITLE}" already matches per-repo pubkey (keyId ${existingKeyId}). No change.`
+      );
+      deployKeyId = existingKeyId;
+    } else {
+      console.log(
+        `Deploy key: "${STAMP_MIRROR_DEPLOY_KEY_TITLE}" is registered but doesn't match the per-repo pubkey (keyId ${existingKeyId}). Deleting before re-registering.`
+      );
+      const del = deleteDeployKey(mirror.owner, mirror.repo, existingKeyId);
+      if (del.status === "failed") {
+        throw new Error(`deploy-key cleanup failed: ${del.error}`);
+      }
+      deployKeyId = registerStampMirrorKey(mirror, pubkey);
+    }
+  } else {
+    deployKeyId = registerStampMirrorKey(mirror, pubkey);
   }
-  const entries = filterLiveBareRepoNames(result.stdout);
-  if (entries.length === 0) {
-    console.log("(no live bare repos)");
+  console.log(`Looking up stamp-mirror-only ruleset on ${mirror.owner}/${mirror.repo}`);
+  const rulesetId = findExistingStampRuleset(mirror.owner, mirror.repo);
+  if (rulesetId === null) {
+    console.log(
+      `note: no \`stamp-mirror-only\` Ruleset on ${mirror.owner}/${mirror.repo}. Deploy key is registered; no bypass list to update.`
+    );
+    console.log(
+      `      If this repo is server-gated only (no GitHub-side enforcement), that's expected and you're done.`
+    );
+    console.log(
+      `      If you EXPECTED a Ruleset, it may use a non-canonical name (e.g. think-cli's \`Protect Main\`) \u2014 rename to \`stamp-mirror-only\` in the GitHub UI and re-run, or migrate by hand.`
+    );
+    if (opts.removeOrgadmin) {
+      console.log(
+        `      --remove-orgadmin requested but there's no Ruleset bypass list to modify; ignoring.`
+      );
+    }
+    printMigrateBypassSuccess({
+      mirror,
+      server: server2,
+      opts,
+      rulesetUpdated: false
+    });
     return;
   }
-  for (const e of entries) console.log(e);
-}
-function resolveServer(serverFlag) {
-  const server2 = serverFlag ? parseServerFlag(serverFlag) : loadServerConfig();
-  if (!server2) {
+  console.log(`Reading current bypass_actors on ruleset ${rulesetId}`);
+  const current = getRulesetBypassActors(mirror.owner, mirror.repo, rulesetId);
+  if (current === null) {
     throw new Error(
-      `no stamp server configured. Either:
-  - create ~/.stamp/server.yml with at least:
-      host: <ssh-host>
-      port: <ssh-port>
-  - or pass --server <host>:<port> on the command line.`
+      `could not read bypass_actors on ${mirror.owner}/${mirror.repo} ruleset ${rulesetId}`
     );
   }
-  return server2;
-}
-var UsageError = class extends Error {
-  constructor(message) {
-    super(message);
-    this.name = "UsageError";
+  const desired = computeDesiredBypassActors(current, deployKeyId, {
+    removeOrgadmin: opts.removeOrgadmin === true
+  });
+  const result = replaceBypassActors(
+    mirror.owner,
+    mirror.repo,
+    rulesetId,
+    desired
+  );
+  if (result.status === "failed") {
+    throw new Error(`ruleset bypass update failed: ${result.error}`);
   }
-};
-function normalizeRepoName(name) {
-  const canonical = name.endsWith(".git") ? name.slice(0, -4) : name;
-  validateRepoName2(canonical);
-  return canonical;
+  if (result.status === "updated") {
+    console.log(
+      `Ruleset bypass: updated to [${desired.map((a) => a.actor_type).join(", ")}].`
+    );
+  } else {
+    console.log(`Ruleset bypass: already up to date. No change.`);
+  }
+  printMigrateBypassSuccess({ mirror, server: server2, opts, rulesetUpdated: true });
 }
-function filterLiveBareRepoNames(rawOutput) {
-  return rawOutput.split("\n").map((s) => s.trim()).filter(Boolean).filter((s) => s.endsWith(".git")).map((s) => s.slice(0, -4)).filter((s) => s.length > 0);
+function registerStampMirrorKey(mirror, pubkey) {
+  const reg = registerDeployKey(
+    mirror.owner,
+    mirror.repo,
+    STAMP_MIRROR_DEPLOY_KEY_TITLE,
+    pubkey
+  );
+  if (reg.status === "failed") {
+    throw new Error(`deploy-key registration failed: ${reg.error}`);
+  }
+  console.log(
+    `Deploy key: registered "${STAMP_MIRROR_DEPLOY_KEY_TITLE}" on ${mirror.owner}/${mirror.repo} (id ${reg.keyId}).`
+  );
+  return reg.keyId;
 }
-function validateRepoName2(name) {
-  if (!/^[A-Za-z0-9_][A-Za-z0-9._-]*$/.test(name) || name.includes("..")) {
-    throw new UsageError(
-      `repo name must start with [A-Za-z0-9_], match [A-Za-z0-9._-]+, and not contain '..' (got "${name}")`
+function printMigrateBypassPlan(args) {
+  const bar = "\u2500".repeat(72);
+  console.log(bar);
+  console.log("stamp provision --migrate-bypass \u2014 plan");
+  console.log(bar);
+  console.log(fmt("mirror", `${args.mirror.owner}/${args.mirror.repo}`));
+  console.log(fmt("stamp server", `${args.server.user}@${args.server.host}:${args.server.port}`));
+  console.log(
+    fmt(
+      "deploy key",
+      `fetch per-repo pubkey from server; register as "${STAMP_MIRROR_DEPLOY_KEY_TITLE}" on the mirror (replacing any prior entry under that title)`
+    )
+  );
+  console.log(
+    fmt(
+      "ruleset",
+      `add DeployKey actor to stamp-mirror-only bypass list` + (args.opts.removeOrgadmin ? `; remove OrganizationAdmin (--remove-orgadmin)` : `; preserve OrganizationAdmin`)
+    )
+  );
+  console.log(bar);
+  if (args.opts.removeOrgadmin) {
+    console.log(
+      `warning: --remove-orgadmin strips the OrganizationAdmin bypass before any push-verification step runs. Verify the DeployKey transport works (one stamp push) before running this.`
     );
   }
 }
-function validateTrashEntryName(entry) {
-  if (!/^[0-9]{8}T[0-9]{6}Z-[A-Za-z0-9_][A-Za-z0-9._-]*\.git$/.test(entry)) {
-    throw new UsageError(
-      `--from must match <YYYYMMDDTHHMMSSZ>-<name>.git (got "${entry}"). Run \`stamp server-repos list --trash\` to see valid entry names.`
+function printMigrateBypassSuccess(args) {
+  const bar = "\u2500".repeat(72);
+  console.log(`
+${bar}`);
+  console.log(
+    args.rulesetUpdated ? `\u2713 bypass migrated` : `\u2713 deploy key registered (no ruleset to migrate)`
+  );
+  console.log(bar);
+  console.log(fmt("mirror", `${args.mirror.owner}/${args.mirror.repo}`));
+  if (args.rulesetUpdated) {
+    console.log(
+      fmt(
+        "bypass actors",
+        args.opts.removeOrgadmin ? `DeployKey (OrganizationAdmin removed)` : `OrganizationAdmin + DeployKey`
+      )
+    );
+  } else {
+    console.log(
+      fmt(
+        "bypass actors",
+        `n/a (no stamp-mirror-only Ruleset on this repo \u2014 server-gated only)`
+      )
     );
   }
-}
-function validateGithubRepoSpec(spec) {
-  if (!/^[A-Za-z0-9_][A-Za-z0-9-]*\/[A-Za-z0-9_][A-Za-z0-9._-]*$/.test(spec)) {
-    throw new UsageError(
-      `--also-github must be <owner>/<repo> with no leading '-' on either segment (got "${spec}")`
+  console.log(bar);
+  if (!args.rulesetUpdated) {
+    console.log(
+      `
+Deploy key is registered; the next stamp push's mirror leg will use it.
+No GitHub Ruleset was found on this repo, so there's no bypass enforcement
+to verify. If you want GitHub-side protection, apply the stamp-mirror-only
+Ruleset separately (see docs/github-ruleset-setup.md).`
+    );
+  } else if (!args.opts.removeOrgadmin) {
+    console.log(
+      `
+Next: do a stamp merge + push to verify the DeployKey transport works,
+then re-run with --remove-orgadmin to drop the OrganizationAdmin fallback.`
+    );
+  } else {
+    console.log(
+      `
+The stamp-mirror-only Ruleset now bypasses ONLY via the per-repo deploy key.
+Direct \`git push origin main\` from any non-stamp source will be rejected.`
     );
   }
 }
-function prompt(question) {
-  const rl = createInterface({ input: process.stdin, output: process.stdout });
-  return new Promise((resolve2) => {
-    rl.question(question, (answer) => {
-      rl.close();
-      resolve2(answer);
-    });
-  });
-}
 
 // src/commands/keys.ts
-import { existsSync as existsSync9, readdirSync as readdirSync2, readFileSync as readFileSync6, writeFileSync as writeFileSync7 } from "fs";
-import { basename, join as join6 } from "path";
+import { existsSync as existsSync12, readdirSync as readdirSync2, readFileSync as readFileSync9, writeFileSync as writeFileSync10 } from "fs";
+import { basename, join as join7 } from "path";
 function keysGenerate() {
   const existing = loadUserKeypair();
   if (existing) {
@@ -3699,7 +4824,7 @@ function keysList() {
     const repoRoot = findRepoRoot();
     const trustedDir = stampTrustedKeysDir(repoRoot);
     console.log(`repo trusted keys: ${trustedDir}/`);
-    if (!existsSync9(trustedDir)) {
+    if (!existsSync12(trustedDir)) {
       console.log("  (directory does not exist \u2014 run `stamp init`)");
       return;
     }
@@ -3710,7 +4835,7 @@ function keysList() {
     }
     for (const file of pubFiles.sort()) {
       try {
-        const pem = readFileSync6(join6(trustedDir, file), "utf8");
+        const pem = readFileSync9(join7(trustedDir, file), "utf8");
         const fp = fingerprintFromPem(pem);
         const marker = local && fp === local.fingerprint ? " (you)" : "";
         console.log(`  ${fp}${marker}  [${file}]`);
@@ -3729,15 +4854,15 @@ function keysExport() {
 function keysTrust(pubFile) {
   const repoRoot = findRepoRoot();
   const trustedDir = stampTrustedKeysDir(repoRoot);
-  if (!existsSync9(trustedDir)) {
+  if (!existsSync12(trustedDir)) {
     throw new Error(
       `no ${trustedDir} \u2014 run \`stamp init\` first to create the trust store`
     );
   }
-  if (!existsSync9(pubFile)) {
+  if (!existsSync12(pubFile)) {
     throw new Error(`public key file not found: ${pubFile}`);
   }
-  const pem = readFileSync6(pubFile, "utf8");
+  const pem = readFileSync9(pubFile, "utf8");
   let fingerprint;
   try {
     fingerprint = fingerprintFromPem(pem);
@@ -3747,12 +4872,12 @@ function keysTrust(pubFile) {
     );
   }
   const filename = publicKeyFingerprintFilename(fingerprint);
-  const dest = join6(trustedDir, filename);
-  if (existsSync9(dest)) {
+  const dest = join7(trustedDir, filename);
+  if (existsSync12(dest)) {
     console.log(`${fingerprint} is already trusted (${basename(dest)})`);
     return;
   }
-  writeFileSync7(dest, pem);
+  writeFileSync10(dest, pem);
   console.log(`trusted ${fingerprint}`);
   console.log(`  \u2192 ${dest}`);
   console.log();
@@ -3760,11 +4885,11 @@ function keysTrust(pubFile) {
 }
 
 // src/commands/log.ts
-import { existsSync as existsSync10 } from "fs";
+import { existsSync as existsSync13 } from "fs";
 function runLog(opts) {
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  if (!existsSync10(configPath)) {
+  if (!existsSync13(configPath)) {
     throw new Error(
       `no .stamp/config.yml at ${configPath}. Run \`stamp init\` first.`
     );
@@ -3881,7 +5006,7 @@ function printCommitDetail(sha, repoRoot) {
 }
 function collectReviewProse(repoRoot, payload) {
   const dbPath = stampStateDbPath(repoRoot);
-  if (!existsSync10(dbPath)) return [];
+  if (!existsSync13(dbPath)) return [];
   const db = openDb(dbPath);
   try {
     const rows = latestReviews(db, payload.base_sha, payload.head_sha);
@@ -3895,7 +5020,7 @@ function printReviewHistory(repoRoot, limit, diff) {
   const configPath = stampConfigFile(repoRoot);
   loadConfig(configPath);
   const dbPath = stampStateDbPath(repoRoot);
-  if (!existsSync10(dbPath)) {
+  if (!existsSync13(dbPath)) {
     console.log("No reviews recorded yet.");
     return;
   }
@@ -3936,7 +5061,8 @@ function printReviewHistory(repoRoot, limit, diff) {
 }
 
 // src/commands/prune.ts
-import { existsSync as existsSync11, statSync as statSync2 } from "fs";
+import { existsSync as existsSync14, readdirSync as readdirSync3, statSync as statSync2, unlinkSync as unlinkSync3 } from "fs";
+import { join as join8 } from "path";
 
 // src/lib/duration.ts
 function parseRetentionDuration(input) {
@@ -3949,53 +5075,116 @@ function parseRetentionDuration(input) {
   const n = match[1];
   const unit = match[2];
   const unitWord = unit === "d" ? "days" : unit === "h" ? "hours" : "minutes";
+  const nNum = Number(n);
+  const msPerUnit = unit === "d" ? 864e5 : unit === "h" ? 36e5 : 6e4;
   return {
     sqliteModifier: `-${n} ${unitWord}`,
-    humanLabel: `${n}${unit}`
+    humanLabel: `${n}${unit}`,
+    durationMs: nNum * msPerUnit
   };
 }
 
 // src/commands/prune.ts
 function runPrune(opts) {
-  const { sqliteModifier, humanLabel } = parseRetentionDuration(opts.olderThan);
+  const { sqliteModifier, humanLabel, durationMs } = parseRetentionDuration(
+    opts.olderThan
+  );
   const repoRoot = findRepoRoot();
   const dbPath = stampStateDbPath(repoRoot);
-  if (!existsSync11(dbPath)) {
+  const spoolDir = join8(gitCommonDir(repoRoot), "stamp", "failed-parses");
+  const spoolCutoffMs = Date.now() - durationMs;
+  if (!existsSync14(dbPath) && !existsSync14(spoolDir)) {
     console.log(
-      `note: ${dbPath} does not exist; nothing to prune (state.db is created on first \`stamp review\`)`
+      `note: nothing to prune (neither ${dbPath} nor ${spoolDir} exists \u2014 both are created on first \`stamp review\`)`
     );
     return;
   }
-  const sizeBefore = statSync2(dbPath).size;
-  const db = openDb(dbPath);
+  const db = existsSync14(dbPath) ? openDb(dbPath) : null;
   try {
     if (opts.dryRun) {
-      const peek = peekPrunable(db, sqliteModifier);
-      if (peek.total === 0) {
-        console.log(`note: nothing to prune (no rows older than ${humanLabel})`);
-        return;
+      let any2 = false;
+      if (db) {
+        const peek = peekPrunable(db, sqliteModifier);
+        if (peek.total > 0) {
+          console.log(
+            `would prune ${peek.total} review row${peek.total === 1 ? "" : "s"} older than ${humanLabel} (${peek.perReviewer.length} reviewer${peek.perReviewer.length === 1 ? "" : "s"} affected):`
+          );
+          printPerReviewer(peek.perReviewer);
+          any2 = true;
+        }
+      }
+      const spoolPeek = peekFailedParseSpools(spoolDir, spoolCutoffMs);
+      if (spoolPeek.length > 0) {
+        if (any2) console.log("");
+        console.log(
+          `would prune ${spoolPeek.length} failed-parse spool file${spoolPeek.length === 1 ? "" : "s"} older than ${humanLabel}:`
+        );
+        for (const f of spoolPeek) console.log(`  ${f}`);
+        any2 = true;
       }
+      if (!any2) {
+        console.log(`note: nothing to prune (no rows or spools older than ${humanLabel})`);
+      } else {
+        console.log("\n(dry run \u2014 no changes made)");
+      }
+      return;
+    }
+    let any = false;
+    if (db) {
+      const sizeBefore = statSync2(dbPath).size;
+      const result = pruneReviews(db, sqliteModifier);
+      if (result.total > 0) {
+        db.exec("VACUUM");
+        const sizeAfter = statSync2(dbPath).size;
+        console.log(
+          `${result.total} review row${result.total === 1 ? "" : "s"} pruned (${result.perReviewer.length} reviewer${result.perReviewer.length === 1 ? "" : "s"} affected); db size ${sizeBefore} \u2192 ${sizeAfter} bytes`
+        );
+        printPerReviewer(result.perReviewer);
+        any = true;
+      }
+    }
+    const spoolDeleted = pruneFailedParseSpools(spoolDir, spoolCutoffMs);
+    if (spoolDeleted > 0) {
+      if (any) console.log("");
       console.log(
-        `would prune ${peek.total} row${peek.total === 1 ? "" : "s"} older than ${humanLabel} (${peek.perReviewer.length} reviewer${peek.perReviewer.length === 1 ? "" : "s"} affected):`
+        `${spoolDeleted} failed-parse spool file${spoolDeleted === 1 ? "" : "s"} pruned`
       );
-      printPerReviewer(peek.perReviewer);
-      console.log("\n(dry run \u2014 no changes made)");
-      return;
+      any = true;
     }
-    const result = pruneReviews(db, sqliteModifier);
-    if (result.total === 0) {
-      console.log(`note: nothing to prune (no rows older than ${humanLabel})`);
-      return;
+    if (!any) {
+      console.log(`note: nothing to prune (no rows or spools older than ${humanLabel})`);
     }
-    db.exec("VACUUM");
-    const sizeAfter = statSync2(dbPath).size;
-    console.log(
-      `${result.total} row${result.total === 1 ? "" : "s"} pruned (${result.perReviewer.length} reviewer${result.perReviewer.length === 1 ? "" : "s"} affected); db size ${sizeBefore} \u2192 ${sizeAfter} bytes`
-    );
-    printPerReviewer(result.perReviewer);
   } finally {
-    db.close();
+    db?.close();
+  }
+}
+function peekFailedParseSpools(spoolDir, cutoffMs) {
+  if (!existsSync14(spoolDir)) return [];
+  const out = [];
+  for (const entry of readdirSync3(spoolDir)) {
+    const filepath = join8(spoolDir, entry);
+    let stat;
+    try {
+      stat = statSync2(filepath);
+    } catch {
+      continue;
+    }
+    if (!stat.isFile()) continue;
+    if (stat.mtimeMs < cutoffMs) out.push(filepath);
+  }
+  return out.sort();
+}
+function pruneFailedParseSpools(spoolDir, cutoffMs) {
+  const targets = peekFailedParseSpools(spoolDir, cutoffMs);
+  let deleted = 0;
+  for (const filepath of targets) {
+    try {
+      unlinkSync3(filepath);
+      deleted++;
+    } catch {
+    }
   }
+  return deleted;
 }
 function printPerReviewer(rows) {
   const maxNameLen = Math.max(16, ...rows.map((r) => r.reviewer.length));
@@ -4006,119 +5195,149 @@ function printPerReviewer(rows) {
   }
 }
 
-// src/commands/server.ts
-import { existsSync as existsSync12, mkdirSync as mkdirSync3, renameSync, unlinkSync, writeFileSync as writeFileSync8 } from "fs";
-import { dirname as dirname3 } from "path";
-import { stringify as stringifyYaml } from "yaml";
-function formatServerConfigYaml(opts) {
-  const body = {
-    host: opts.host,
-    port: opts.port
+// src/commands/config.ts
+import { existsSync as existsSync15 } from "fs";
+function runConfigReviewersSet(opts) {
+  if (!isValidReviewerName(opts.reviewer)) {
+    throw new UsageError(
+      `invalid reviewer name '${opts.reviewer}'. Names must be alphanumerics + '_' / '-', max 64 chars, no leading hyphen \u2014 same shape as \`stamp reviewers add\` accepts.`
+    );
+  }
+  const id = opts.modelId.trim();
+  if (id === "") {
+    throw new UsageError(
+      `model id is required and must be a non-empty string (e.g. 'claude-sonnet-4-6' or 'claude-opus-4-7')`
+    );
+  }
+  if (!isValidModelId(id)) {
+    throw new UsageError(
+      `model id '${opts.modelId}' has an invalid shape \u2014 expected a token like 'claude-sonnet-4-6' or 'claude-opus-4-7'. The agent SDK treats this as an opaque string, so a typo here will fail at API-call time rather than at config-write \u2014 but stamp rejects shapes with whitespace or control chars.`
+    );
+  }
+  const existing = loadOrEmpty();
+  const prior = existing.reviewers[opts.reviewer];
+  const next = {
+    reviewers: { ...existing.reviewers, [opts.reviewer]: id }
   };
-  if (opts.user && opts.user.trim()) body.user = opts.user.trim();
-  if (opts.repoRootPrefix && opts.repoRootPrefix.trim()) {
-    body.repo_root_prefix = opts.repoRootPrefix.trim();
+  const path2 = writeUserConfig(next);
+  if (prior === id) {
+    console.log(`reviewers.${opts.reviewer} = ${id} (unchanged)`);
+  } else if (prior) {
+    console.log(`reviewers.${opts.reviewer}: ${prior} -> ${id}`);
+  } else {
+    console.log(`reviewers.${opts.reviewer} = ${id} (new)`);
   }
-  return stringifyYaml(body);
+  console.log(`wrote ${path2}`);
 }
-function runServerConfig(opts) {
-  const modes = [opts.hostPort, opts.show, opts.unset].filter(Boolean).length;
-  if (modes !== 1) {
+function runConfigReviewersClear(opts) {
+  if (opts.all && opts.reviewer) {
     throw new UsageError(
-      "stamp server config: provide exactly one of <host:port>, --show, or --unset"
+      `\`stamp config reviewers clear\`: pass either <reviewer> or --all, not both`
     );
   }
-  if ((opts.show || opts.unset) && (opts.user || opts.repoRootPrefix)) {
+  if (!opts.all && !opts.reviewer) {
     throw new UsageError(
-      "stamp server config: --user and --repo-root-prefix only apply when writing (they conflict with --show / --unset)"
+      `\`stamp config reviewers clear\`: pass <reviewer> to clear one entry or --all to remove the whole config`
     );
   }
-  if (opts.show) return showConfig();
-  if (opts.unset) return unsetConfig();
-  return writeConfig(opts);
-}
-function showConfig() {
-  const path2 = userServerConfigPath();
-  if (!existsSync12(path2)) {
-    console.log(`note: no stamp server configured (${path2} does not exist)`);
-    console.log(`note: run \`stamp server config <host:port>\` to create one`);
+  if (opts.all) {
+    const removed = deleteUserConfig();
+    const path3 = userConfigPath();
+    if (removed) {
+      console.log(`removed ${path3}`);
+    } else {
+      console.log(`note: ${path3} does not exist; nothing to remove`);
+    }
     return;
   }
-  const cfg = loadServerConfig();
-  if (!cfg) {
-    console.log(`note: no stamp server configured`);
+  const reviewer = opts.reviewer;
+  if (!isValidReviewerName(reviewer)) {
+    throw new UsageError(
+      `invalid reviewer name '${reviewer}'. Names must be alphanumerics + '_' / '-', max 64 chars, no leading hyphen \u2014 same shape as \`stamp reviewers add\` accepts.`
+    );
+  }
+  const existing = loadOrEmpty();
+  if (!(reviewer in existing.reviewers)) {
+    console.log(`note: reviewers.${reviewer} is not set; nothing to clear`);
     return;
   }
-  console.log(`config:           ${path2}`);
-  console.log(`host:             ${cfg.host}`);
-  console.log(`port:             ${cfg.port}`);
-  console.log(`user:             ${cfg.user}`);
-  console.log(`repo_root_prefix: ${cfg.repoRootPrefix}`);
+  const next = { reviewers: { ...existing.reviewers } };
+  delete next.reviewers[reviewer];
+  const path2 = writeUserConfig(next);
+  console.log(`cleared reviewers.${reviewer}`);
+  console.log(`wrote ${path2}`);
 }
-function unsetConfig() {
-  const path2 = userServerConfigPath();
-  if (!existsSync12(path2)) {
-    console.log(`note: ${path2} does not exist; nothing to remove`);
+function runConfigReviewersShow() {
+  const path2 = userConfigPath();
+  if (!existsSync15(path2)) {
+    console.log(`note: no per-user stamp config (${path2} does not exist).`);
+    console.log(
+      `      Defaults will apply on next \`stamp init\` or \`stamp review\`:`
+    );
+    for (const [name, id] of Object.entries(DEFAULT_REVIEWER_MODELS)) {
+      console.log(`        ${name}: ${id}  (default)`);
+    }
+    console.log(
+      `      Pin a different model: \`stamp config reviewers set <reviewer> <model-id>\``
+    );
     return;
   }
-  unlinkSync(path2);
-  console.log(`removed ${path2}`);
-}
-function writeConfig(opts) {
-  let parsed;
-  try {
-    parsed = parseServerFlag(opts.hostPort, "stamp server config: <host:port>");
-  } catch (err) {
-    throw new UsageError(err instanceof Error ? err.message : String(err));
+  const cfg = loadUserConfig() ?? { reviewers: {} };
+  console.log(`config: ${path2}`);
+  const names = Object.keys(cfg.reviewers).sort();
+  if (names.length === 0) {
+    console.log(`(no reviewer overrides; SDK default model in use for every reviewer)`);
+    console.log(
+      `Pin one with: \`stamp config reviewers set <reviewer> <model-id>\``
+    );
+    return;
   }
-  const yaml = formatServerConfigYaml({
-    host: parsed.host,
-    port: parsed.port,
-    user: opts.user,
-    repoRootPrefix: opts.repoRootPrefix
-  });
-  const path2 = userServerConfigPath();
-  const dir = dirname3(path2);
-  if (!existsSync12(dir)) mkdirSync3(dir, { recursive: true, mode: 448 });
-  const tmp = `${path2}.tmp.${process.pid}`;
-  writeFileSync8(tmp, yaml, { mode: 384 });
-  renameSync(tmp, path2);
-  console.log(`wrote ${path2}`);
-  console.log(`host:             ${parsed.host}`);
-  console.log(`port:             ${parsed.port}`);
-  if (opts.user && opts.user.trim()) {
-    console.log(`user:             ${opts.user.trim()}`);
+  console.log(`reviewers:`);
+  const maxNameLen = Math.max(...names.map((n) => n.length));
+  for (const name of names) {
+    const id = cfg.reviewers[name];
+    const tag = DEFAULT_REVIEWER_MODELS[name] === id ? "  (matches default)" : DEFAULT_REVIEWER_MODELS[name] ? `  (default: ${DEFAULT_REVIEWER_MODELS[name]})` : "";
+    console.log(`  ${name.padEnd(maxNameLen)}  ${id}${tag}`);
   }
-  if (opts.repoRootPrefix && opts.repoRootPrefix.trim()) {
-    console.log(`repo_root_prefix: ${opts.repoRootPrefix.trim()}`);
+  const unpinned = Object.keys(DEFAULT_REVIEWER_MODELS).filter(
+    (n) => !(n in cfg.reviewers)
+  );
+  if (unpinned.length > 0) {
+    console.log(`unpinned (will use default at review time):`);
+    for (const name of unpinned) {
+      console.log(`  ${name.padEnd(maxNameLen)}  ${DEFAULT_REVIEWER_MODELS[name]}  (default)`);
+    }
   }
 }
+function loadOrEmpty() {
+  return loadUserConfig() ?? { reviewers: {} };
+}
 
 // src/commands/reviewers.ts
-import { spawnSync as spawnSync6 } from "child_process";
+import { spawnSync as spawnSync7 } from "child_process";
 import {
-  existsSync as existsSync14,
-  readFileSync as readFileSync8,
+  existsSync as existsSync17,
+  readFileSync as readFileSync11,
   statSync as statSync3,
-  unlinkSync as unlinkSync2,
-  writeFileSync as writeFileSync10
+  unlinkSync as unlinkSync4,
+  writeFileSync as writeFileSync12
 } from "fs";
-import { join as join8, relative, resolve } from "path";
-import { parse as parseYaml4, stringify as stringifyYaml2 } from "yaml";
+import { join as join10, relative, resolve } from "path";
+import { parse as parseYaml6, stringify as stringifyYaml3 } from "yaml";
 
 // src/lib/reviewerLock.ts
-import { existsSync as existsSync13, readFileSync as readFileSync7, writeFileSync as writeFileSync9 } from "fs";
-import { join as join7 } from "path";
+import { existsSync as existsSync16, readFileSync as readFileSync10, writeFileSync as writeFileSync11 } from "fs";
+import { join as join9 } from "path";
 var LOCK_FILE_VERSION = 1;
 var LOCK_DRIFT_EXIT = 3;
 function lockFilePath(repoRoot, reviewerName) {
-  return join7(repoRoot, ".stamp", "reviewers", `${reviewerName}.lock.json`);
+  return join9(repoRoot, ".stamp", "reviewers", `${reviewerName}.lock.json`);
 }
 function readLockFile(repoRoot, reviewerName) {
   const path2 = lockFilePath(repoRoot, reviewerName);
-  if (!existsSync13(path2)) return null;
+  if (!existsSync16(path2)) return null;
   try {
-    const raw = readFileSync7(path2, "utf8");
+    const raw = readFileSync10(path2, "utf8");
     const parsed = JSON.parse(raw);
     if (typeof parsed.version !== "number" || typeof parsed.source !== "string" || typeof parsed.ref !== "string" || typeof parsed.reviewer !== "string" || typeof parsed.prompt_sha256 !== "string" || typeof parsed.tools_sha256 !== "string" || typeof parsed.mcp_sha256 !== "string") {
       throw new Error(`malformed lock file at ${path2}`);
@@ -4132,20 +5351,20 @@ function readLockFile(repoRoot, reviewerName) {
 }
 function writeLockFile(repoRoot, reviewerName, lock) {
   const path2 = lockFilePath(repoRoot, reviewerName);
-  writeFileSync9(path2, JSON.stringify(lock, null, 2) + "\n", "utf8");
+  writeFileSync11(path2, JSON.stringify(lock, null, 2) + "\n", "utf8");
 }
 function checkReviewerDrift(repoRoot, reviewerName, def) {
   const lock = readLockFile(repoRoot, reviewerName);
   if (!lock) {
     return unpinnedResult();
   }
-  const promptPath = join7(repoRoot, def.prompt);
-  if (!existsSync13(promptPath)) {
+  const promptPath = join9(repoRoot, def.prompt);
+  if (!existsSync16(promptPath)) {
     throw new Error(
       `reviewer "${reviewerName}" has a lock file but its prompt "${def.prompt}" does not exist on disk. Re-run 'stamp reviewers fetch ${reviewerName} --from ${lock.source}@${lock.ref}' to restore it, or delete the lock file to un-pin the reviewer.`
     );
   }
-  const promptBytes = readFileSync7(promptPath);
+  const promptBytes = readFileSync10(promptPath);
   const observedPrompt = hashPromptBytes(promptBytes);
   const observedTools = hashTools(def.tools);
   const observedMcp = hashMcpServers(def.mcp_servers);
@@ -4211,8 +5430,8 @@ function requireValidReviewerName(name) {
 }
 function reviewersList() {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  const names = Object.keys(config.reviewers);
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  const names = Object.keys(config2.reviewers);
   if (names.length === 0) {
     console.log("No reviewers configured in .stamp/config.yml.");
     return;
@@ -4223,10 +5442,10 @@ function reviewersList() {
   console.log(bar);
   const maxNameLen = Math.max(...names.map((n) => n.length));
   for (const name of names) {
-    const def = config.reviewers[name];
+    const def = config2.reviewers[name];
     const abs = resolve(repoRoot, def.prompt);
     let annotation = "";
-    if (!existsSync14(abs)) {
+    if (!existsSync17(abs)) {
       annotation = "  MISSING";
     } else {
       const size = statSync3(abs).size;
@@ -4236,15 +5455,15 @@ function reviewersList() {
   }
   console.log(bar);
   console.log("branch rules:");
-  for (const [branch, rule] of Object.entries(config.branches)) {
+  for (const [branch, rule] of Object.entries(config2.branches)) {
     console.log(`  ${branch}  required: [${rule.required.join(", ")}]`);
   }
   console.log(bar);
 }
 function reviewersEdit(name) {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  const def = config.reviewers[name];
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  const def = config2.reviewers[name];
   if (!def) {
     throw new Error(
       `reviewer "${name}" is not configured. Run \`stamp reviewers list\` to see available reviewers.`
@@ -4257,27 +5476,27 @@ function reviewersAdd(name, opts = {}) {
   requireValidReviewerName(name);
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  const config = loadConfig(configPath);
-  if (config.reviewers[name]) {
+  const config2 = loadConfig(configPath);
+  if (config2.reviewers[name]) {
     throw new Error(
       `reviewer "${name}" already exists. Use \`stamp reviewers edit ${name}\` to change its prompt.`
     );
   }
   const promptRel = `.stamp/reviewers/${name}.md`;
   const promptAbs = resolve(repoRoot, promptRel);
-  if (existsSync14(promptAbs)) {
+  if (existsSync17(promptAbs)) {
     throw new Error(
       `${promptRel} already exists on disk but is not in config. Either delete the file or add it to config manually.`
     );
   }
-  writeFileSync10(
+  writeFileSync12(
     promptAbs,
     `# ${name}
 
 ${EXAMPLE_REVIEWER_PROMPT.split("\n").slice(2).join("\n")}`
   );
-  config.reviewers[name] = { prompt: promptRel };
-  writeFileSync10(configPath, stringifyConfig(config));
+  config2.reviewers[name] = { prompt: promptRel };
+  writeFileSync12(configPath, stringifyConfig(config2));
   console.log(`reviewer "${name}" added.`);
   console.log(`  prompt file: ${promptRel}`);
   console.log(`  registered in .stamp/config.yml`);
@@ -4295,15 +5514,15 @@ Opening ${promptRel} in $EDITOR...`);
 function reviewersRemove(name, opts = {}) {
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  const config = loadConfig(configPath);
-  const def = config.reviewers[name];
+  const config2 = loadConfig(configPath);
+  const def = config2.reviewers[name];
   if (!def) {
     throw new Error(
       `reviewer "${name}" is not configured. Nothing to remove.`
     );
   }
   const referencedBy = [];
-  for (const [branch, rule] of Object.entries(config.branches)) {
+  for (const [branch, rule] of Object.entries(config2.branches)) {
     if (rule.required.includes(name)) referencedBy.push(branch);
   }
   if (referencedBy.length > 0) {
@@ -4311,13 +5530,13 @@ function reviewersRemove(name, opts = {}) {
       `reviewer "${name}" is required by branch(es): ${referencedBy.join(", ")}. Remove it from those branches' \`required\` list in .stamp/config.yml before removing.`
     );
   }
-  delete config.reviewers[name];
-  writeFileSync10(configPath, stringifyConfig(config));
+  delete config2.reviewers[name];
+  writeFileSync12(configPath, stringifyConfig(config2));
   console.log(`reviewer "${name}" removed from .stamp/config.yml`);
   if (opts.deleteFile) {
     const promptAbs = resolve(repoRoot, def.prompt);
-    if (existsSync14(promptAbs)) {
-      unlinkSync2(promptAbs);
+    if (existsSync17(promptAbs)) {
+      unlinkSync4(promptAbs);
       console.log(`deleted ${def.prompt}`);
     }
   } else {
@@ -4328,8 +5547,8 @@ function reviewersRemove(name, opts = {}) {
 }
 async function reviewersTest(name, diff) {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  if (!config.reviewers[name]) {
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  if (!config2.reviewers[name]) {
     throw new Error(
       `reviewer "${name}" is not configured. Run \`stamp reviewers list\`.`
     );
@@ -4346,12 +5565,12 @@ async function reviewersTest(name, diff) {
   );
   console.log(`  prompt sourced from working tree (test/iteration use case)`);
   console.log();
-  const def = config.reviewers[name];
-  const promptPath = join8(repoRoot, def.prompt);
-  const systemPrompt = readFileSync8(promptPath, "utf8");
+  const def = config2.reviewers[name];
+  const promptPath = join10(repoRoot, def.prompt);
+  const systemPrompt = readFileSync11(promptPath, "utf8");
   const result = await invokeReviewer({
     reviewer: name,
-    config,
+    config: config2,
     repoRoot,
     diff: resolved.diff,
     base_sha: resolved.base_sha,
@@ -4368,14 +5587,14 @@ async function reviewersTest(name, diff) {
 }
 function reviewersShow(name, opts) {
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  if (!config.reviewers[name]) {
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  if (!config2.reviewers[name]) {
     throw new Error(
       `reviewer "${name}" is not configured. Run \`stamp reviewers list\`.`
     );
   }
   const dbPath = stampStateDbPath(repoRoot);
-  if (!existsSync14(dbPath)) {
+  if (!existsSync17(dbPath)) {
     console.log("No reviews recorded yet (no state.db).");
     return;
   }
@@ -4391,7 +5610,7 @@ function reviewersShow(name, opts) {
   const bar = "\u2500".repeat(72);
   console.log(bar);
   console.log(`reviewer: ${name}`);
-  console.log(`prompt:   ${config.reviewers[name].prompt}`);
+  console.log(`prompt:   ${config2.reviewers[name].prompt}`);
   console.log(bar);
   if (stats.total === 0) {
     console.log("  no verdicts recorded yet");
@@ -4465,7 +5684,7 @@ async function reviewersFetch(reviewerName, opts) {
     opts.expectMcpSha
   );
   const reviewersDir = stampReviewersDir(repoRoot);
-  if (!existsSync14(reviewersDir)) {
+  if (!existsSync17(reviewersDir)) {
     throw new Error(
       `${reviewersDir} does not exist \u2014 run \`stamp init\` first.`
     );
@@ -4478,7 +5697,7 @@ async function reviewersFetch(reviewerName, opts) {
   let tools;
   let mcpServers;
   if (configYaml !== null) {
-    const parsed = parseYaml4(configYaml) ?? {};
+    const parsed = parseYaml6(configYaml) ?? {};
     if (Array.isArray(parsed.tools)) {
       tools = parseToolsLoose(parsed.tools);
     }
@@ -4486,7 +5705,7 @@ async function reviewersFetch(reviewerName, opts) {
       mcpServers = validateMcpServersFromSource(parsed.mcp_servers, source, ref);
     }
   }
-  const promptPath = join8(reviewersDir, `${reviewerName}.md`);
+  const promptPath = join10(reviewersDir, `${reviewerName}.md`);
   const promptBytes = Buffer.from(promptText, "utf8");
   const promptSha = hashPromptBytes(promptBytes);
   const toolsSha = hashTools(tools);
@@ -4510,7 +5729,7 @@ async function reviewersFetch(reviewerName, opts) {
       mcpSha
     );
   }
-  writeFileSync10(promptPath, promptBytes);
+  writeFileSync12(promptPath, promptBytes);
   const lock = {
     version: LOCK_FILE_VERSION,
     source,
@@ -4546,8 +5765,8 @@ async function reviewersFetch(reviewerName, opts) {
 function reviewersVerify(opts) {
   if (opts.only) requireValidReviewerName(opts.only);
   const repoRoot = findRepoRoot();
-  const config = loadConfig(stampConfigFile(repoRoot));
-  const names = opts.only ? [opts.only] : Object.keys(config.reviewers);
+  const config2 = loadConfig(stampConfigFile(repoRoot));
+  const names = opts.only ? [opts.only] : Object.keys(config2.reviewers);
   if (names.length === 0) {
     console.log("No reviewers configured.");
     return;
@@ -4560,7 +5779,7 @@ function reviewersVerify(opts) {
   let anyDrift = false;
   let anyLocked = false;
   for (const name of names) {
-    const def = config.reviewers[name];
+    const def = config2.reviewers[name];
     if (!def) {
       console.error(
         `error: reviewer '${name}' is not in .stamp/config.yml. Add it with \`stamp reviewers add ${name}\` or remove its lock file.`
@@ -4735,11 +5954,11 @@ function buildConfigYamlHint(reviewerName, tools, mcpServers) {
   if (mcpServers && Object.keys(mcpServers).length > 0) {
     reviewerBlock.mcp_servers = mcpServers;
   }
-  return stringifyYaml2({ reviewers: { [reviewerName]: reviewerBlock } }).trimEnd();
+  return stringifyYaml3({ reviewers: { [reviewerName]: reviewerBlock } }).trimEnd();
 }
 function launchEditor(path2) {
   const editor = process.env["EDITOR"] ?? process.env["VISUAL"] ?? (process.platform === "win32" ? "notepad" : "vi");
-  const result = spawnSync6(editor, [path2], { stdio: "inherit" });
+  const result = spawnSync7(editor, [path2], { stdio: "inherit" });
   if (result.error) {
     throw new Error(
       `failed to launch editor "${editor}": ${result.error.message}`
@@ -4751,22 +5970,22 @@ function launchEditor(path2) {
 }
 
 // src/commands/status.ts
-import { existsSync as existsSync15 } from "fs";
+import { existsSync as existsSync18 } from "fs";
 function runStatus(opts) {
   const repoRoot = findRepoRoot();
   const configPath = stampConfigFile(repoRoot);
-  if (!existsSync15(configPath)) {
+  if (!existsSync18(configPath)) {
     throw new Error(
       `no .stamp/config.yml at ${configPath}. Run \`stamp init\` first.`
     );
   }
-  const config = loadConfig(configPath);
+  const config2 = loadConfig(configPath);
   const resolved = resolveDiff(opts.diff, repoRoot);
   const target = opts.into ?? inferTarget(opts.diff);
-  const rule = findBranchRule(config.branches, target);
+  const rule = findBranchRule(config2.branches, target);
   if (!rule) {
     throw new Error(
-      `no branch rule for "${target}" in .stamp/config.yml. Configured branches: ${Object.keys(config.branches).join(", ") || "(none)"}. Use --into <target> to override.`
+      `no branch rule for "${target}" in .stamp/config.yml. Configured branches: ${Object.keys(config2.branches).join(", ") || "(none)"}. Use --into <target> to override.`
     );
   }
   const db = openDb(stampStateDbPath(repoRoot));
@@ -4823,22 +6042,22 @@ function printGate(result, base_sha, head_sha) {
 }
 
 // src/commands/update.ts
-import { spawnSync as spawnSync7 } from "child_process";
+import { spawnSync as spawnSync8 } from "child_process";
 
 // src/lib/version.ts
-import { readFileSync as readFileSync9 } from "fs";
-import { dirname as dirname4, join as join9 } from "path";
+import { readFileSync as readFileSync12 } from "fs";
+import { dirname as dirname5, join as join11 } from "path";
 import { fileURLToPath } from "url";
 function readPackageVersion() {
-  const here = dirname4(fileURLToPath(import.meta.url));
+  const here = dirname5(fileURLToPath(import.meta.url));
   for (let dir = here, i = 0; i < 6; i++) {
     try {
-      const raw = readFileSync9(join9(dir, "package.json"), "utf8");
+      const raw = readFileSync12(join11(dir, "package.json"), "utf8");
       const pkg = JSON.parse(raw);
       if (pkg.name === "@openthink/stamp" && pkg.version) return pkg.version;
     } catch {
     }
-    const parent = dirname4(dir);
+    const parent = dirname5(dir);
     if (parent === dir) break;
     dir = parent;
   }
@@ -4864,7 +6083,7 @@ function runUpdate() {
 `);
   process.stdout.write(`checking npm registry for latest...
 `);
-  const viewResult = spawnSync7("npm", ["view", PKG_NAME, "version"], {
+  const viewResult = spawnSync8("npm", ["view", PKG_NAME, "version"], {
     encoding: "utf8"
   });
   if (viewResult.error || viewResult.status !== 0) {
@@ -4898,7 +6117,7 @@ function runUpdate() {
   }
   process.stdout.write(`installing ${PKG_NAME}@${latest}...
 `);
-  const installResult = spawnSync7(
+  const installResult = spawnSync8(
     "npm",
     ["install", "-g", `${PKG_NAME}@${latest}`],
     { stdio: "inherit" }
@@ -4919,9 +6138,9 @@ through that tool instead \u2014 this command only uses 'npm install -g'.`
 }
 
 // src/commands/verify.ts
-import { execFileSync as execFileSync2, spawnSync as spawnSync8 } from "child_process";
+import { execFileSync as execFileSync2, spawnSync as spawnSync9 } from "child_process";
 function loadConfigAtSha(sha, repoRoot) {
-  const result = spawnSync8(
+  const result = spawnSync9(
     "git",
     ["show", `${sha}:.stamp/config.yml`],
     { cwd: repoRoot, encoding: "utf8", maxBuffer: 16 * 1024 * 1024 }
@@ -4938,7 +6157,7 @@ function loadConfigAtSha(sha, repoRoot) {
 }
 function runVerify(sha) {
   const repoRoot = findRepoRoot();
-  const config = loadConfigAtSha(sha, repoRoot);
+  const config2 = loadConfigAtSha(sha, repoRoot);
   const commitMessage2 = git2(["show", "-s", "--format=%B", sha], repoRoot);
   const parsed = parseCommitAttestation(commitMessage2);
   if (!parsed) {
@@ -4983,7 +6202,7 @@ function runVerify(sha) {
       `computed merge-base(${parent0.slice(0, 8)}, ${parent1.slice(0, 8)}) = ${actualMergeBase.slice(0, 8)}, does not match payload.base_sha (${payload.base_sha.slice(0, 8)})`
     );
   }
-  const rule = findBranchRule(config.branches, payload.target_branch);
+  const rule = findBranchRule(config2.branches, payload.target_branch);
   if (!rule) {
     fail(
       sha,
@@ -5029,12 +6248,12 @@ function runVerify(sha) {
     );
   }
   if ((payload.schema_version ?? 1) >= 2) {
-    verifyReviewerHashes(sha, payload, repoRoot, config);
+    verifyReviewerHashes(sha, payload, repoRoot, config2);
   }
   printSuccess2(sha, payload);
 }
-function verifyReviewerHashes(sha, payload, repoRoot, config) {
-  const reviewers2 = config.reviewers;
+function verifyReviewerHashes(sha, payload, repoRoot, config2) {
+  const reviewers2 = config2.reviewers;
   if (Object.keys(reviewers2).length === 0) {
     fail(
       sha,
@@ -5167,6 +6386,9 @@ program.command("init").description(
   "--remote <name>",
   "remote name to inspect for deployment-shape detection (default: origin)",
   "origin"
+).option(
+  "--no-oteam",
+  "bypass the oteam-detection prompt that offers to fill stamp.host in ~/.open-team/config.json"
 ).action(
   (opts) => {
     try {
@@ -5187,7 +6409,8 @@ program.command("init").description(
         bootstrapCommit: opts.bootstrapCommit,
         ghProtect: opts.ghProtect,
         mode,
-        remote: opts.remote
+        remote: opts.remote,
+        oteam: opts.oteam
       });
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
@@ -5230,8 +6453,8 @@ program.command("bootstrap").description(
     }
   }
 );
-program.command("provision <name>").description(
-  "single-command server-gated repo setup: provision a bare repo on the stamp server (~/.stamp/server.yml or --server), clone it, run bootstrap, optionally create a GitHub mirror + apply the Ruleset"
+program.command("provision [name]").description(
+  "single-command server-gated repo setup: provision a bare repo on the stamp server (~/.stamp/server.yml or --server), clone it, run bootstrap, optionally create a GitHub mirror + apply the Ruleset. With --migrate-bypass, migrate an existing server-gated repo's Ruleset bypass from OrganizationAdmin to a per-repo DeployKey actor (cwd's .stamp/mirror.yml identifies the target; <name> is ignored)."
 ).option(
   "--server <host:port>",
   "override ~/.stamp/server.yml with an inline endpoint"
@@ -5247,11 +6470,22 @@ program.command("provision <name>").description(
 ).option("--no-mirror", "skip GitHub mirror creation + .stamp/mirror.yml").option("--no-ruleset", "skip applying the GitHub Ruleset on the mirror").option("--dry-run", "print the plan without making changes").option(
   "--migrate-existing",
   "brownfield: migrate the existing repo at cwd (with .stamp/ committed and origin \u2192 github) to server-gated; preserves history, renames origin \u2192 github, points new origin at the stamp server"
+).option(
+  "--migrate-bypass",
+  "migrate an existing server-gated repo's stamp-mirror-only Ruleset bypass actor from OrganizationAdmin to a per-repo DeployKey. Identifies the target via cwd's .stamp/mirror.yml. Additive by default (DeployKey added alongside existing actors); pair with --remove-orgadmin to also strip OrganizationAdmin from the bypass list"
+).option(
+  "--remove-orgadmin",
+  "under --migrate-bypass, also remove OrganizationAdmin from the ruleset's bypass list. Verify the DeployKey transport works (one stamp push) before running this \u2014 there is no automated push-verification step"
 ).action(
   async (name, opts) => {
     try {
       await runProvision({
-        name,
+        // ProvisionOptions.name is typed `string` so the rest of the
+        // downstream readers don't have to narrow. Empty placeholder
+        // for --migrate-bypass (which doesn't read it); the validation
+        // block in runProvision requires a non-empty name in all other
+        // modes.
+        name: name ?? "",
         server: opts.server,
         org: opts.org,
         into: opts.into,
@@ -5259,7 +6493,9 @@ program.command("provision <name>").description(
         noMirror: !opts.mirror,
         noRuleset: !opts.ruleset,
         dryRun: opts.dryRun,
-        migrateExisting: opts.migrateExisting
+        migrateExisting: opts.migrateExisting,
+        migrateBypass: opts.migrateBypass,
+        removeOrgadmin: opts.removeOrgadmin
       });
     } catch (err) {
       const message = err instanceof Error ? err.message : String(err);
@@ -5294,6 +6530,57 @@ server.command("config [host:port]").description(
     }
   }
 );
+server.command("pubkey").description(
+  "print a stamp-server-managed GitHub mirror-push deploy-key public half \u2014 single OpenSSH line, pipe-able into `gh api -X POST /repos/:o/:r/keys --field key=@-` to register as a deploy key. Without --repo, returns the legacy shared key (back-compat). With --repo <owner/repo>, returns a per-repo key that the server lazily generates on first request \u2014 preferred for new migrations because GitHub rejects re-registering the same key on a second repo."
+).option(
+  "--server <host:port>",
+  "override ~/.stamp/server.yml for this call"
+).option(
+  "--repo <owner>/<repo>",
+  "fetch the per-repo deploy key for this GitHub mirror (lazy-generated server-side on first request)"
+).action((opts) => {
+  try {
+    runServerPubkey({ server: opts.server, repo: opts.repo });
+  } catch (err) {
+    handleCliError(err);
+  }
+});
+var config = program.command("config").description(
+  "manage per-user stamp config at ~/.stamp/config.yml \u2014 operator-level knobs that shouldn't be committed. Per-repo policy lives in `.stamp/config.yml`."
+);
+var configReviewers = config.command("reviewers").description(
+  "pin which Anthropic model each reviewer (security/standards/product/\u2026) runs on. Defaults to claude-sonnet-4-6 for the three starter personas; opt into Opus on security with `set security claude-opus-4-7`."
+);
+configReviewers.command("set <reviewer> <model-id>").description(
+  "pin <reviewer> to <model-id> (e.g. `set security claude-opus-4-7`). Model id is opaque to stamp \u2014 passed straight to the agent SDK, so any string the SDK accepts works."
+).action((reviewer, modelId) => {
+  try {
+    runConfigReviewersSet({ reviewer, modelId });
+  } catch (err) {
+    handleCliError(err);
+  }
+});
+configReviewers.command("clear [reviewer]").description(
+  "remove a reviewer's model pin (resolver falls back to the SDK default), or pass --all to delete the whole ~/.stamp/config.yml."
+).option(
+  "--all",
+  "remove the entire ~/.stamp/config.yml file (every reviewer falls back to the SDK default)"
+).action((reviewer, opts) => {
+  try {
+    runConfigReviewersClear({ reviewer, all: opts.all });
+  } catch (err) {
+    handleCliError(err);
+  }
+});
+configReviewers.command("show").description(
+  "print the resolved per-reviewer model config (or note that no config is set and which defaults will apply)."
+).action(() => {
+  try {
+    runConfigReviewersShow();
+  } catch (err) {
+    handleCliError(err);
+  }
+});
 var serverRepo = program.command("server-repos").description(
   "manage bare repos on the stamp server (list / delete / restore). Uses ~/.stamp/server.yml or --server."
 );
@@ -5367,9 +6654,12 @@ program.command("status").description("show gate state for a diff; exit 0 if gat
     handleCliError(err);
   }
 });
-program.command("merge <branch>").description("merge <branch> into --into <target> if the gate is open").requiredOption("--into <target>", "target branch to merge into").action((branch, opts) => {
+program.command("merge <branch>").description("merge <branch> into --into <target> if the gate is open").requiredOption("--into <target>", "target branch to merge into").option(
+  "-y, --yes",
+  "skip the operator-confirmation prompt for this invocation (equivalent to STAMP_REQUIRE_HUMAN_MERGE=0; see audit H1)"
+).action((branch, opts) => {
   try {
-    runMerge({ branch, into: opts.into });
+    runMerge({ branch, into: opts.into, yes: opts.yes });
   } catch (err) {
     handleCliError(err);
   }
@@ -5392,13 +6682,13 @@ program.command("update").description(
   "upgrade stamp to the latest npm release (runs 'npm install -g @openthink/stamp@latest')"
 ).action(() => wrap(() => runUpdate()));
 program.command("prune").description(
-  "delete review-history rows older than <duration> from the per-machine state.db, then VACUUM. Use --dry-run first to preview."
+  "delete review-history rows older than <duration> from the per-machine state.db (then VACUUM), AND unlink failed-parse spool files under .git/stamp/failed-parses/ whose mtime is older than <duration>. Use --dry-run first to preview both passes."
 ).requiredOption(
   "--older-than <duration>",
   "retention cutoff, e.g. 30d (days), 12h (hours), 90m (minutes)"
 ).option(
   "--dry-run",
-  "print the per-reviewer breakdown that would be pruned without modifying the DB"
+  "print the per-reviewer breakdown of state.db rows AND the list of spool file paths that would be pruned, without modifying anything"
 ).action((opts) => {
   try {
     runPrune({ olderThan: opts.olderThan, dryRun: opts.dryRun });
@@ -5408,7 +6698,7 @@ program.command("prune").description(
 });
 program.command("ui").description("launch the interactive terminal UI").action(async () => {
   try {
-    const { runUi } = await import("./ui-4V2HDHOS.js");
+    const { runUi } = await import("./ui-TKLZWCPL.js");
     runUi();
   } catch (err) {
     handleCliError(err);