@oscharko-dev/keiko 0.2.0-beta.4 → 0.2.0-beta.5

package/node_modules/@oscharko-dev/keiko-server/dist/qualityIntelligence/reviewStore.js

@@ -7,10 +7,31 @@
 // nothing is approved by default (#282 AC). All reads tolerate a missing artifact.
 import { createNodeContainedJsonArtifactStore, } from "@oscharko-dev/keiko-evidence";
 import { QualityIntelligence } from "@oscharko-dev/keiko-contracts";
+import { QualityIntelligenceReview } from "@oscharko-dev/keiko-quality-intelligence";
+/**
+ * Redact a reviewer label before it lands in the persisted (append-only) audit log. The label is
+ * user-supplied, so a secret-shaped value must be scrubbed at persist time — the `.review.json`
+ * companion otherwise bypasses the QI persist redactor (Issue #282 FIX M1). The live redactor maps
+ * string→string; the non-string fallback keeps the type honest without `any`.
+ */
+const redactLabel = (label, redact) => {
+    const redacted = redact(label);
+    return typeof redacted === "string" ? redacted : label;
+};
 export const QI_REVIEW_SCHEMA_VERSION = 1;
 const REVIEW_SUFFIX = ".review.json";
 const REVIEW_STATES = new Set(QualityIntelligence.QUALITY_INTELLIGENCE_REVIEW_STATES);
 const isReviewState = (value) => typeof value === "string" && REVIEW_STATES.has(value);
+// FIX L1 (Issue #282) — candidate ids are arbitrary strings. Building the candidate-state map over a
+// null-prototype object means a candidate literally named `__proto__` / `constructor` cannot collide
+// with an Object.prototype member (no prototype-pollution, no spurious own-key reads). Behaviour is
+// identical for normal ids.
+const toNullProtoStates = (source) => {
+    const target = Object.create(null);
+    for (const [id, state] of Object.entries(source))
+        target[id] = state;
+    return target;
+};
 const parseArtifact = (value) => {
     if (typeof value !== "object" || value === null)
         return undefined;
@@ -21,7 +42,10 @@ const parseArtifact = (value) => {
         return undefined;
     if (typeof record.candidateStates !== "object" || record.candidateStates === null)
         return undefined;
-    return value;
+    // Rehydrate candidateStates onto a null-proto object so a persisted `__proto__`/`constructor`
+    // candidate id round-trips as an own key rather than the prototype member it was parsed into.
+    const candidateStates = toNullProtoStates(record.candidateStates);
+    return { ...value, candidateStates };
 };
 const storeFor = (evidenceDir) => createNodeContainedJsonArtifactStore(evidenceDir, REVIEW_SUFFIX, { parse: parseArtifact });
 export const loadRunReviewState = (runId, evidenceDir) => storeFor(evidenceDir).load(runId);
@@ -38,17 +62,52 @@ const ACTION_TARGET = {
     reopen: "open",
     withdraw: "withdrawn",
 };
+// FIX A (Issue #282) — legal-transition predicate, resurrecting the audited pure terminal-state
+// check from keiko-quality-intelligence. A transition from `from` via `action` (target `to`) is
+// legal iff:
+//   * to !== from           (reject every no-op, including reopen-from-open), AND
+//   * action === "reopen" OR the source state is not terminal.
+// reopen is the deliberate, audited undo from any non-open state (changes-requested / approved /
+// rejected / withdrawn → open). Every other action (approve / reject / request-changes / withdraw)
+// is legal only from a non-terminal state — this blocks silent illegal flips (approve a rejected,
+// reject an approved) while keeping re-decision possible via an explicit reopen.
+const isLegalTransition = (from, action) => {
+    const to = ACTION_TARGET[action];
+    if (to === from)
+        return false;
+    return action === "reopen" || !QualityIntelligenceReview.isTerminalReviewState(from);
+};
+/**
+ * Thrown by `applyReviewDecision` when the requested action is not a legal transition from the
+ * current review state. Nothing is persisted and no audit entry is appended — the append-only log
+ * never attests a transition the audited domain declares illegal. The route maps this to a 409.
+ */
+export class QualityIntelligenceReviewTransitionRejected extends Error {
+    from;
+    action;
+    toState;
+    constructor(from, action, toState) {
+        super(`Review transition ${from} → ${action} (${toState}) is not permitted.`);
+        this.name = "QualityIntelligenceReviewTransitionRejected";
+        this.from = from;
+        this.action = action;
+        this.toState = toState;
+    }
+}
 const emptyArtifact = (runId, now) => ({
     qiReviewSchemaVersion: QI_REVIEW_SCHEMA_VERSION,
     runId,
     runState: "open",
-    candidateStates: {},
+    candidateStates: toNullProtoStates({}),
     auditLog: [],
     lastUpdatedAt: now,
 });
 /**
- * Apply a review decision and persist the updated artifact. Pure transition + append-only audit
- * entry; returns the new artifact. The caller is responsible for authorising the action.
+ * Apply a review decision and persist the updated artifact. Validates transition legality first
+ * (FIX A): an illegal transition throws `QualityIntelligenceReviewTransitionRejected` and persists
+ * nothing — no audit entry is ever appended for a rejected transition. On success, appends an
+ * append-only audit entry (with a redacted reviewer label, FIX M1) and returns the new artifact.
+ * The caller is responsible for authorising the action.
  */
 export const applyReviewDecision = (input) => {
     const current = loadRunReviewState(input.runId, input.evidenceDir) ?? emptyArtifact(input.runId, input.now);
@@ -57,15 +116,18 @@ export const applyReviewDecision = (input) => {
     const fromState = isCandidate
         ? candidateReviewStateOf(current, input.candidateId)
         : current.runState;
+    if (!isLegalTransition(fromState, input.action)) {
+        throw new QualityIntelligenceReviewTransitionRejected(fromState, input.action, toState);
+    }
     const candidateStates = isCandidate
-        ? { ...current.candidateStates, [input.candidateId]: toState }
+        ? Object.assign(toNullProtoStates(current.candidateStates), { [input.candidateId]: toState })
         : current.candidateStates;
     const audit = {
         at: input.now,
         action: input.action,
         scope: input.scope,
         ...(isCandidate ? { candidateId: input.candidateId } : {}),
-        reviewerLabel: input.reviewerLabel,
+        reviewerLabel: redactLabel(input.reviewerLabel, input.redact),
         fromState,
         toState,
     };
@@ -82,8 +144,9 @@ export const applyReviewDecision = (input) => {
 };
 /**
  * Append an append-only `edit` audit entry for an inline candidate edit. Review state is NOT
- * transitioned — `fromState`/`toState` are the candidate's existing review state. Persists and
- * returns the updated review artifact (created empty on first use).
+ * transitioned — `fromState`/`toState` are the candidate's existing review state. The reviewer label
+ * is redacted before persist (FIX M1). Persists and returns the updated review artifact (created
+ * empty on first use).
  */
 export const appendEditAudit = (input) => {
     const current = loadRunReviewState(input.runId, input.evidenceDir) ?? emptyArtifact(input.runId, input.now);
@@ -93,7 +156,7 @@ export const appendEditAudit = (input) => {
         action: "edit",
         scope: "candidate",
         candidateId: input.candidateId,
-        reviewerLabel: input.reviewerLabel,
+        reviewerLabel: redactLabel(input.reviewerLabel, input.redact),
         fromState: state,
         toState: state,
     };

package/node_modules/@oscharko-dev/keiko-server/dist/qualityIntelligence/runIngestion.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"runIngestion.d.ts","sourceRoot":"","sources":["../../src/qualityIntelligence/runIngestion.ts"],"names":[],"mappings":"AASA,OAAO,EAAuB,KAAK,mBAAmB,IAAI,EAAE,EAAE,MAAM,+BAA+B,CAAC;AAqBpG,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AACrF,OAAO,KAAK,EACV,+BAA+B,EAC/B,kCAAkC,EACnC,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,KAAK,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAyC9F,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,SAAgB,IAAI,EAAE,MAAM,CAAC;gBACjB,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK1C;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,+BAA+B,CAAC,MAAM,CAAC,CAAC;IACvD,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,+BAA+B,CAAC,MAAM,CAAC,CAAC;IACvD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,SAAS,EAAE,SAAS,EAAE,CAAC,iCAAiC,EAAE,CAAC;IACpE,QAAQ,CAAC,aAAa,EAAE,SAAS,+BAA+B,EAAE,CAAC;IACnE,QAAQ,CAAC,cAAc,EAAE;QACvB,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;QACxC,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC,iCAAiC,CAAC;KAC/D,CAAC;IACF,QAAQ,CAAC,eAAe,EAAE,SAAS,eAAe,EAAE,CAAC;IACrD,yFAAyF;IACzF,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC;;;OAGG;IACH,QAAQ,CAAC,cAAc,EAAE,SAAS,eAAe,EAAE,CAAC;CACrD;AAoyBD,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,OAAO,EAAE,kCAAkC,CAAC;IACrD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,gHAAgH;IAChH,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,GAAG,SAAS,CAAC;IACvD;;;OAGG;IACH,QAAQ,CAAC,mBAAmB,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IAC/D;;;OAGG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,uBAAuB,GAAG,SAAS,CAAC;CAC5D;AAsED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,wBAAwB,GAAG,iBAAiB,CAiDtF"}
+{"version":3,"file":"runIngestion.d.ts","sourceRoot":"","sources":["../../src/qualityIntelligence/runIngestion.ts"],"names":[],"mappings":"AAUA,OAAO,EAAuB,KAAK,mBAAmB,IAAI,EAAE,EAAE,MAAM,+BAA+B,CAAC;AAqBpG,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AACrF,OAAO,KAAK,EACV,+BAA+B,EAC/B,kCAAkC,EACnC,MAAM,+BAA+B,CAAC;AACvC,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,qBAAqB,CAAC;AAC3D,OAAO,KAAK,EAAE,mBAAmB,EAAE,uBAAuB,EAAE,MAAM,2BAA2B,CAAC;AAyC9F,qBAAa,gBAAiB,SAAQ,KAAK;IACzC,SAAgB,IAAI,EAAE,MAAM,CAAC;gBACjB,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM;CAK1C;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,+BAA+B,CAAC,MAAM,CAAC,CAAC;IACvD,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;CAC5B;AAED;;;;;GAKG;AACH,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,IAAI,EAAE,+BAA+B,CAAC,MAAM,CAAC,CAAC;IACvD,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;IACtB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,SAAS,EAAE,SAAS,EAAE,CAAC,iCAAiC,EAAE,CAAC;IACpE,QAAQ,CAAC,aAAa,EAAE,SAAS,+BAA+B,EAAE,CAAC;IACnE,QAAQ,CAAC,cAAc,EAAE;QACvB,QAAQ,CAAC,WAAW,EAAE,SAAS,MAAM,EAAE,CAAC;QACxC,QAAQ,CAAC,cAAc,EAAE,EAAE,CAAC,iCAAiC,CAAC;KAC/D,CAAC;IACF,QAAQ,CAAC,eAAe,EAAE,SAAS,eAAe,EAAE,CAAC;IACrD,yFAAyF;IACzF,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IACpC;;;OAGG;IACH,QAAQ,CAAC,cAAc,EAAE,SAAS,eAAe,EAAE,CAAC;CACrD;AAk1BD,MAAM,WAAW,wBAAwB;IACvC,QAAQ,CAAC,OAAO,EAAE,kCAAkC,CAAC;IACrD,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,YAAY,EAAE,MAAM,CAAC;IAC9B,gHAAgH;IAChH,QAAQ,CAAC,eAAe,CAAC,EAAE,eAAe,GAAG,SAAS,CAAC;IACvD;;;OAGG;IACH,QAAQ,CAAC,mBAAmB,CAAC,EAAE,mBAAmB,GAAG,SAAS,CAAC;IAC/D;;;OAGG;IACH,QAAQ,CAAC,WAAW,CAAC,EAAE,uBAAuB,GAAG,SAAS,CAAC;CAC5D;AAsED,wBAAgB,mBAAmB,CAAC,KAAK,EAAE,wBAAwB,GAAG,iBAAiB,CAiDtF"}

package/node_modules/@oscharko-dev/keiko-server/dist/qualityIntelligence/runIngestion.js

@@ -5,6 +5,7 @@
 // `@oscharko-dev/keiko-quality-intelligence`. The server tier owns IO (it is the only layer that
 // may touch the filesystem); the pure domain owns splitting + hashing. Oversize and unsupported
 // inputs fail with user-actionable errors (#278 AC) before any model prompt is built.
+import { realpathSync } from "node:fs";
 import { dirname, isAbsolute, relative, resolve } from "node:path";
 import { QualityIntelligence } from "@oscharko-dev/keiko-contracts";
 import { redact, sha256Hex } from "@oscharko-dev/keiko-security";
@@ -66,6 +67,18 @@ const CREDENTIAL_LABEL_SHAPES = [
     /\bBearer\s+\S+/giu,
     /-----BEGIN [A-Z ]*PRIVATE KEY-----/gu,
 ];
+// Replace every control character (C0 range incl. tab/newline/CR, plus DEL) with a space using a
+// code-point scan — the `no-control-regex` lint rule forbids a control-range regex literal, and a
+// scan is the established in-package idiom (mirrors generationPort.scrubEvidenceText). Keeps a
+// label single-line.
+function collapseControlCharsToSpace(value) {
+    let out = "";
+    for (const ch of value) {
+        const cp = ch.codePointAt(0) ?? 0;
+        out += cp <= 0x1f || cp === 0x7f ? " " : ch;
+    }
+    return out;
+}
 const sanitiseLabel = (label) => {
     // Strip any URL authority — ANY scheme (http, file, s3, ftp, …), not just http(s) — plus the
     // well-known credential token shapes, so a browser-supplied label never carries a URL or secret
@@ -73,6 +86,12 @@ const sanitiseLabel = (label) => {
     let cleaned = label.replace(/[a-z][a-z0-9+.-]*:\/\/\S+/giu, " ");
     for (const shape of CREDENTIAL_LABEL_SHAPES)
         cleaned = cleaned.replace(shape, " ");
+    // Replace every control character (newline, CR, tab, NUL, DEL, …) with a space so a multi-line or
+    // control-laden label can never carry a second line of content into the browser-streamed envelope
+    // displayLabel. Without this, the absolute-path basename-collapse below (which splits on "/" only)
+    // would keep a trailing "\n<more content>" glued inside the final path segment — defeating the
+    // basename defence and emitting a multi-line label (#277/#278 envelope display-surface invariant).
+    cleaned = collapseControlCharsToSpace(cleaned);
     cleaned = cleaned.trim();
     // Collapse an absolute POSIX / Windows-drive / UNC path label to its final segment so the
     // display label never leaks the filesystem layout (the basename is the useful display token).
@@ -86,10 +105,34 @@ const sanitiseLabel = (label) => {
 // Reject a source whose absolute path (any segment) names a denied credential location. isDenied
 // inspects EVERY path segment, so a denied ancestor cannot be hidden by rooting a read deeper. Shared
 // by the folder and single-file paths so both honour the same containment guard (Epic #729 security).
+// Also rejects the symlink variant (assertRealPathNotDenied) so a benign-named link cannot resolve
+// into a protected location.
 function assertNotDenied(absPath, label, noun) {
     if (isDenied(absPath)) {
         throw new QiIngestionError("QI_SOURCE_DENIED", `${noun} "${label}" is in a protected location.`);
     }
+    assertRealPathNotDenied(absPath, label, noun);
+}
+// Defense-in-depth against a symlinked workspace root. The keiko-workspace deny gate (readWorkspaceFile)
+// inspects only the path RELATIVE to the realpath'd root, so a denied segment AT or ABOVE the connected
+// root is invisible to it: a benign-named "~/docs" symlink whose real target is "~/.aws" lets a
+// supported file inside it read through to the model, even though the lexical assertNotDenied above sees
+// only "docs". Re-running the deny gate over the REAL (symlink-resolved) absolute path rejects it. The
+// lexical check above already covers the no-symlink case, so this only ADDS denials when realpath
+// diverges into a protected location; a non-existent target surfaces later as NOT_FOUND, so a failed
+// realpath is a deliberate no-op here. (#713 single-file security review: "deny-list still applies";
+// #729 folder-root parity — both ingest paths share this boundary blind spot.)
+function assertRealPathNotDenied(absPath, label, noun) {
+    let realPath;
+    try {
+        realPath = realpathSync(absPath);
+    }
+    catch {
+        return;
+    }
+    if (realPath !== absPath && isDenied(realPath)) {
+        throw new QiIngestionError("QI_SOURCE_DENIED", `${noun} "${label}" is in a protected location.`);
+    }
 }
 const envelopeIdFor = (index, label, content) => {
     const digest = sha256Hex(`qi-src-v1|${String(index)}|${label}|${content}`).slice(0, 24);
@@ -194,8 +237,8 @@ function atomsForWorkspaceEntry(entry, envelopeId) {
 // entry becomes one content-bearing atom under a single repository-context envelope.
 function ingestWorkspace(source, index, registeredAt, byteBudget) {
     const label = sanitiseLabel(source.label);
-    // Reject a folder whose ROOT names a denied credential location: connecting e.g. ~/.aws or
-    // ~/.docker AS A FOLDER would otherwise ingest credential files whose RELATIVE paths
+    // Reject a folder whose ROOT names a denied credential location (lexically or via a symlinked root):
+    // connecting e.g. ~/.aws AS A FOLDER would otherwise ingest credential files whose RELATIVE paths
     // ("credentials", "config.json") never trip the per-file deny check (#729 security).
     assertNotDenied(resolve(source.path), label, "Folder");
     let workspace;
@@ -332,7 +375,7 @@ function ingestFile(source, index, registeredAt, byteBudget) {
         throw new QiIngestionError("QI_SOURCE_UNSUPPORTED", `File "${label}" is not a supported single-file document.`);
     }
     // Reject any path whose segments name a denied credential directory or file (.ssh, .aws, .env,
-    // *.pem, id_rsa, …) regardless of how the workspace root resolves below.
+    // *.pem, id_rsa, …) — lexically or after symlink resolution — regardless of the workspace root below.
     assertNotDenied(absFile, label, "File");
     const content = readSingleFileContent(absFile, label);
     // keiko-workspace decodes as UTF-8; a NUL byte is the canonical binary marker. A binary file that

package/node_modules/@oscharko-dev/keiko-server/dist/qualityIntelligence/runRegistry.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"runRegistry.d.ts","sourceRoot":"","sources":["../../src/qualityIntelligence/runRegistry.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAErF,MAAM,MAAM,iBAAiB,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,GAAG,WAAW,CAAC;AAEjF,UAAU,WAAW;IACnB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,UAAU,EAAE,eAAe,CAAC;IACrC,MAAM,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACnE;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAkC;IAEvD,oGAAoG;IACpG,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,eAAe;IAY7D,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,GAAG,IAAI;IAMzE,0FAA0F;IAC1F,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,iBAAiB,EAAE,SAAS,CAAC,GAAG,IAAI;IAM5E,oFAAoF;IACpF,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAO9B,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIhC,oFAAoF;IACpF,mBAAmB,IAAI,SAAS,+BAA+B,EAAE;IAUjE,wCAAwC;IACxC,KAAK,IAAI,IAAI;CAId;AAGD,eAAO,MAAM,aAAa,eAAsB,CAAC"}
+{"version":3,"file":"runRegistry.d.ts","sourceRoot":"","sources":["../../src/qualityIntelligence/runRegistry.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EAAE,+BAA+B,EAAE,MAAM,+BAA+B,CAAC;AAErF,MAAM,MAAM,iBAAiB,GAAG,SAAS,GAAG,WAAW,GAAG,QAAQ,GAAG,WAAW,CAAC;AAEjF,UAAU,WAAW;IACnB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,MAAM,EAAE,iBAAiB,CAAC;IAC1B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,UAAU,EAAE,eAAe,CAAC;IACrC,MAAM,EAAE;QAAE,UAAU,EAAE,MAAM,CAAC;QAAC,QAAQ,EAAE,MAAM,CAAC;QAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACnE;AAED,qBAAa,aAAa;IACxB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAkC;IAEvD,oGAAoG;IACpG,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,eAAe;IAY7D,YAAY,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC,GAAG,IAAI;IAMzE,0FAA0F;IAC1F,QAAQ,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,OAAO,CAAC,iBAAiB,EAAE,SAAS,CAAC,GAAG,IAAI;IAM5E,oFAAoF;IACpF,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAO9B,QAAQ,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO;IAIhC,oFAAoF;IACpF,mBAAmB,IAAI,SAAS,+BAA+B,EAAE;IAYjE,wCAAwC;IACxC,KAAK,IAAI,IAAI;CAId;AAGD,eAAO,MAAM,aAAa,eAAsB,CAAC"}

package/node_modules/@oscharko-dev/keiko-server/dist/qualityIntelligence/runRegistry.js

@@ -51,6 +51,8 @@ export class QiRunRegistry {
             requestedAt: run.requestedAt,
             completedAt: null,
             totals: { ...run.totals },
+            // An in-flight run is not yet persisted and cannot have been reviewed (Issue #282 FIX A11y-2).
+            reviewState: "open",
         }));
     }
     /** Test seam: clear all active runs. */

package/node_modules/@oscharko-dev/keiko-server/dist/qualityIntelligence/uiRoutes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"uiRoutes.d.ts","sourceRoot":"","sources":["../../src/qualityIntelligence/uiRoutes.ts"],"names":[],"mappings":"AA+BA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAOhD,eAAO,MAAM,yBAAyB,MAAM,CAAC;AAC7C,eAAO,MAAM,qBAAqB,MAAM,CAAC;AAqMzC,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAkDpF;AAMD,wBAAgB,cAAc,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAmClF"}
+{"version":3,"file":"uiRoutes.d.ts","sourceRoot":"","sources":["../../src/qualityIntelligence/uiRoutes.ts"],"names":[],"mappings":"AA+BA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAC9D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC;AAOhD,eAAO,MAAM,yBAAyB,MAAM,CAAC;AAC7C,eAAO,MAAM,qBAAqB,MAAM,CAAC;AAmNzC,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAkDpF;AAMD,wBAAgB,cAAc,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAmClF"}

package/node_modules/@oscharko-dev/keiko-server/dist/qualityIntelligence/uiRoutes.js

@@ -29,7 +29,7 @@ function resolveEvidenceDir(deps) {
 // Projection helpers — build browser-safe wire shapes from manifest data.
 // NEVER include raw prompt, raw source content, credentials, or unsafe markdown.
 // ---------------------------------------------------------------------------
-function projectRunSummary(manifest) {
+function projectRunSummary(manifest, reviewState) {
     if (manifest === undefined)
         return null;
     return {
@@ -42,8 +42,18 @@ function projectRunSummary(manifest) {
             findings: manifest.totals.findings,
             exports: manifest.totals.exports,
         },
+        reviewState,
     };
 }
+// FIX A11y-2 (Issue #282) — resolve the run's overall review state for the list item so the hub list
+// can show a per-run lifecycle badge (AC1). Loads the small `.review.json` companion per listed run;
+// this is acceptable because the list path already loads a per-run manifest and the list is bounded
+// by the route limit. Defaults to "open" when no companion exists or no evidence dir is configured.
+function listReviewStateFor(runId, evidenceDir) {
+    if (evidenceDir === undefined)
+        return "open";
+    return runReviewStateOf(loadRunReviewState(runId, evidenceDir));
+}
 /**
  * Build a candidateId → weak-test flag map from the persisted test-quality findings (Epic #736).
  * Only findings of kind "test-quality" that carry a candidateId contribute; the first finding wins
@@ -202,7 +212,7 @@ export function handleListQiRuns(ctx, deps) {
                 break;
             try {
                 const manifest = loadQualityIntelligenceRun(id, { evidenceDir });
-                const summary = projectRunSummary(manifest);
+                const summary = projectRunSummary(manifest, listReviewStateFor(id, evidenceDir));
                 if (summary !== null)
                     runs.push(summary);
             }

package/node_modules/@oscharko-dev/keiko-server/dist/routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAEjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAoI/C,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,KAAK,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACrE;AAID,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;CACxB;AAED,eAAO,MAAM,SAAS,eAAsB,CAAC;AAC7C,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,OAAO,SAAS,CAAC;AAE5D,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC;IAC9B,QAAQ,CAAC,GAAG,EAAE,cAAc,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAElD,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,CACzB,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,KAChB,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;AAE9C,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;CAChC;AAUD,eAAO,MAAM,UAAU,EAAE,SAAS,eAAe,EAwRhD,CAAC;AA6BF,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,UAAU,EAAE,eAAe,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACnD;AAKD,wBAAgB,UAAU,CACxB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,UAAU,GAAG,oBAAoB,GAAG,SAAS,CA2B/C;AAED,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,QAAQ,CAEjE;AAED,wBAAgB,YAAY,IAAI,QAAQ,CAEvC;AAED,wBAAgB,oBAAoB,IAAI,QAAQ,CAE/C"}
+{"version":3,"file":"routes.d.ts","sourceRoot":"","sources":["../src/routes.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,eAAe,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAEjE,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAqI/C,MAAM,WAAW,QAAQ;IACvB,QAAQ,CAAC,KAAK,EAAE;QAAE,QAAQ,CAAC,IAAI,EAAE,MAAM,CAAC;QAAC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;KAAE,CAAC;CACrE;AAID,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,IAAI,EAAE,OAAO,CAAC;CACxB;AAED,eAAO,MAAM,SAAS,eAAsB,CAAC;AAC7C,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,OAAO,SAAS,CAAC;AAE5D,MAAM,WAAW,YAAY;IAC3B,QAAQ,CAAC,GAAG,EAAE,eAAe,CAAC;IAC9B,QAAQ,CAAC,GAAG,EAAE,cAAc,CAAC;IAC7B,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;IAElD,QAAQ,CAAC,GAAG,EAAE,GAAG,CAAC;CACnB;AAED,MAAM,MAAM,YAAY,GAAG,CACzB,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,KAChB,cAAc,GAAG,OAAO,CAAC,cAAc,CAAC,CAAC;AAE9C,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IAExB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,OAAO,EAAE,YAAY,CAAC;CAChC;AAUD,eAAO,MAAM,UAAU,EAAE,SAAS,eAAe,EA2RhD,CAAC;AA6BF,MAAM,WAAW,UAAU;IACzB,QAAQ,CAAC,UAAU,EAAE,eAAe,CAAC;IACrC,QAAQ,CAAC,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,CAAC;CACnD;AAKD,wBAAgB,UAAU,CACxB,MAAM,EAAE,MAAM,EACd,QAAQ,EAAE,MAAM,GACf,UAAU,GAAG,oBAAoB,GAAG,SAAS,CA2B/C;AAED,wBAAgB,SAAS,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAEnD;AAED,wBAAgB,SAAS,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,QAAQ,CAEjE;AAED,wBAAgB,YAAY,IAAI,QAAQ,CAEvC;AAED,wBAAgB,oBAAoB,IAAI,QAAQ,CAE/C"}

package/node_modules/@oscharko-dev/keiko-server/dist/routes.js

@@ -22,7 +22,7 @@ import { handleFilesContent, handleFilesDirectories, handleFilesPreview, handleF
 import { handleBrowserApplyScreenshot, handleBrowserContent, handleBrowserEvents, handleBrowserNavigate, handleBrowserScreenshot, handleBrowserStatus, handleCreateBrowserSession, handleDeleteBrowserSession, } from "./browser.js";
 import { handleCancelLocalKnowledgeCapsuleIndexing, handleConnectLocalKnowledgeCapsule, handleCreateLocalKnowledgeCapsule, handleCreateLocalKnowledgeCapsuleSet, handleDeleteLocalKnowledgeCapsule, handleDisconnectLocalKnowledgeCapsule, handleGetLocalKnowledgeCapsule, handleListLocalKnowledgeCapsules, handleListLocalKnowledgeCapsuleSets, handleReindexLocalKnowledgeCapsule, handleStartLocalKnowledgeCapsuleIndexing, handleUpdateLocalKnowledgeCapsule, } from "./local-knowledge-handlers.js";
 import { handleRelationshipCreate, handleRelationshipDelete, handleRelationshipDependencies, handleRelationshipEvents, handleRelationshipExplain, handleRelationshipGet, handleRelationshipHealth, handleRelationshipImpact, handleRelationshipList, handleRelationshipPatch, handleRelationshipValidate, } from "./relationship-handlers.js";
-import { handleQiCapabilities, handleQiDryRunFigma, handleQiDryRunJira, handleQiSourceSelect, handleListQiRuns, handleGetQiRun, QI_HANDOFF_ROUTE_GROUP, QI_RUN_EXECUTION_ROUTE_GROUP, QI_REVIEW_ROUTE_GROUP, QI_EXPORT_ROUTE_GROUP, QI_EDIT_ROUTE_GROUP, QI_TRACEABILITY_ROUTE_GROUP, QI_RECHECK_ROUTE_GROUP, } from "./qualityIntelligence/index.js";
+import { handleQiCapabilities, handleQiDryRunFigma, handleQiDryRunJira, handleQiSourceSelect, handleListQiRuns, handleGetQiRun, QI_HANDOFF_ROUTE_GROUP, QI_RUN_EXECUTION_ROUTE_GROUP, QI_REVIEW_ROUTE_GROUP, QI_EXPORT_ROUTE_GROUP, QI_EDIT_ROUTE_GROUP, QI_RETENTION_ROUTE_GROUP, QI_TRACEABILITY_ROUTE_GROUP, QI_RECHECK_ROUTE_GROUP, } from "./qualityIntelligence/index.js";
 import { handleFigmaTriggerSnapshot, handleFigmaLoadSnapshot, handleFigmaRevokeToken, } from "./qualityIntelligence/figmaSnapshotRoutes.js";
 import { handleFigmaGenerateCode } from "./qualityIntelligence/figmaCodegenRoutes.js";
 export const STREAMING = Symbol("streaming");
@@ -274,6 +274,9 @@ export const API_ROUTES = [
     // Issue #726 (Epic #712) — inline candidate editing. Literal-suffix POST /runs/:id/edit
     // disambiguates against /runs/:id/cancel just like /review and /export above.
     ...QI_EDIT_ROUTE_GROUP,
+    // Issue #282 follow-up (Epic #270) — run-deletion control. DELETE /runs/:id is method-distinct
+    // from GET /runs/:id and sweeps every server-owned companion (ADR-0023 D8).
+    ...QI_RETENTION_ROUTE_GROUP,
     // Issue #740 (Epic #734) — requirement↔test traceability matrix export.
     ...QI_TRACEABILITY_ROUTE_GROUP,
     // Issue #743 (Epic #735) — drift re-check + targeted regeneration. Literal-suffix POST routes

package/node_modules/@oscharko-dev/keiko-server/dist/store-handlers.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"store-handlers.d.ts","sourceRoot":"","sources":["../src/store-handlers.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAuH/C,iBAAS,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,CAEpD;AAmND,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAMvF;AAMD,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAatB;AAeD,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAQtB;AAMD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAcvF;AAgBD,wBAAgB,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAYnF;AAMD,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAetB;AA0bD,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAuBtB;AAMD,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAQpF;AAMD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAgBtF;AAMD,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAwBtB;AA6CD,wBAAsB,0BAA0B,CAC9C,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAWtB;AAuBD,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAgBtB;AAGD,OAAO,EAAE,cAAc,EAAE,CAAC"}
+{"version":3,"file":"store-handlers.d.ts","sourceRoot":"","sources":["../src/store-handlers.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,YAAY,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE7D,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,WAAW,CAAC;AAwH/C,iBAAS,cAAc,CAAC,OAAO,EAAE,MAAM,GAAG,WAAW,CAEpD;AAmND,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAMvF;AAMD,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAatB;AAeD,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAQtB;AAMD,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAcvF;AAgBD,wBAAgB,eAAe,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAYnF;AAMD,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAetB;AA0bD,wBAAsB,gBAAgB,CACpC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAuBtB;AAMD,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAQpF;AAMD,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,YAAY,EAAE,IAAI,EAAE,aAAa,GAAG,WAAW,CAkBtF;AAMD,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAwBtB;AA6CD,wBAAsB,0BAA0B,CAC9C,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAWtB;AAuBD,wBAAsB,mBAAmB,CACvC,GAAG,EAAE,YAAY,EACjB,IAAI,EAAE,aAAa,GAClB,OAAO,CAAC,WAAW,CAAC,CAgBtB;AAGD,OAAO,EAAE,cAAc,EAAE,CAAC"}

package/node_modules/@oscharko-dev/keiko-server/dist/store-handlers.js

@@ -10,6 +10,7 @@ import { UiStoreError, assertUiDbOutsideProject, isProjectAvailable, validatePro
 import { pathIsDenied } from "./files-deny.js";
 import { clearGroundedContextIndexesForConversation, clearGroundedContextIndexesForWorkspace, } from "./grounded-context-index.js";
 import { clearGroundedTurnsForConversation, clearGroundedTurnsForWorkspace, } from "./grounded-turn-registry.js";
+import { isLegacyEmptyAssistantPlaceholder } from "./assistant-response.js";
 // Issue #184 — workspace-relative path gate. isValidScopePath is the canonical validator from
 // @oscharko-dev/keiko-contracts/connected-context (issue #178). Reusing it here keeps the BFF
 // boundary aligned with the rest of the connected-repo surface and avoids regex drift.
@@ -748,7 +749,9 @@ export function handleListMessages(ctx, deps) {
         if (!chatBelongsToProject(deps, projectPath, chatId)) {
             return notFoundResult("Chat not found.");
         }
-        const messages = deps.store.listMessages(chatId, limit);
+        const messages = deps.store
+            .listMessages(chatId, limit)
+            .filter((message) => !isLegacyEmptyAssistantPlaceholder(message));
         return { status: 200, body: { messages } };
     });
 }

package/node_modules/@oscharko-dev/keiko-server/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@oscharko-dev/keiko-server",
-  "version": "0.2.0-beta.4",
+  "version": "0.2.0-beta.5",
   "private": true,
   "type": "module",
   "license": "Apache-2.0",