@resolveio/server-lib 22.3.221 → 22.3.223

package/util/ai-runner-manager-policy.js

@@ -0,0 +1,3501 @@
+"use strict";
+var __assign = (this && this.__assign) || function () {
+    __assign = Object.assign || function(t) {
+        for (var s, i = 1, n = arguments.length; i < n; i++) {
+            s = arguments[i];
+            for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p))
+                t[p] = s[p];
+        }
+        return t;
+    };
+    return __assign.apply(this, arguments);
+};
+var __values = (this && this.__values) || function(o) {
+    var s = typeof Symbol === "function" && Symbol.iterator, m = s && o[s], i = 0;
+    if (m) return m.call(o);
+    if (o && typeof o.length === "number") return {
+        next: function () {
+            if (o && i >= o.length) o = void 0;
+            return { value: o && o[i++], done: !o };
+        }
+    };
+    throw new TypeError(s ? "Object is not iterable." : "Symbol.iterator is not defined.");
+};
+var __read = (this && this.__read) || function (o, n) {
+    var m = typeof Symbol === "function" && o[Symbol.iterator];
+    if (!m) return o;
+    var i = m.call(o), r, ar = [], e;
+    try {
+        while ((n === void 0 || n-- > 0) && !(r = i.next()).done) ar.push(r.value);
+    }
+    catch (error) { e = { error: error }; }
+    finally {
+        try {
+            if (r && !r.done && (m = i["return"])) m.call(i);
+        }
+        finally { if (e) throw e.error; }
+    }
+    return ar;
+};
+var __spreadArray = (this && this.__spreadArray) || function (to, from, pack) {
+    if (pack || arguments.length === 2) for (var i = 0, l = from.length, ar; i < l; i++) {
+        if (ar || !(i in from)) {
+            if (!ar) ar = Array.prototype.slice.call(from, 0, i);
+            ar[i] = from[i];
+        }
+    }
+    return to.concat(ar || Array.prototype.slice.call(from));
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.estimateResolveIOAIManagerRetryExpectedValue = estimateResolveIOAIManagerRetryExpectedValue;
+exports.decideResolveIOAIManagerAutonomyPolicy = decideResolveIOAIManagerAutonomyPolicy;
+exports.normalizeResolveIOAIManagerHotfixEvidence = normalizeResolveIOAIManagerHotfixEvidence;
+exports.evaluateResolveIOAIManagerHotfixGitProof = evaluateResolveIOAIManagerHotfixGitProof;
+exports.validateResolveIOAIManagerHotfixEvidence = validateResolveIOAIManagerHotfixEvidence;
+exports.buildResolveIOAIManagerHotfixEvidenceRecord = buildResolveIOAIManagerHotfixEvidenceRecord;
+exports.buildResolveIOAIManagerHotfixDurabilityContract = buildResolveIOAIManagerHotfixDurabilityContract;
+exports.decideResolveIOAIManagerHotfixContinuation = decideResolveIOAIManagerHotfixContinuation;
+exports.decideResolveIOAIManagerHotfixCommitGuard = decideResolveIOAIManagerHotfixCommitGuard;
+exports.buildResolveIOAIManagerHotfixFirstReleasePolicy = buildResolveIOAIManagerHotfixFirstReleasePolicy;
+exports.isResolveIOAIManagerSafeAutoDispatch = isResolveIOAIManagerSafeAutoDispatch;
+exports.normalizeResolveIOAIManagerFailureClass = normalizeResolveIOAIManagerFailureClass;
+exports.fingerprintResolveIOAIManagerBlocker = fingerprintResolveIOAIManagerBlocker;
+exports.hashResolveIOAIManagerEvidence = hashResolveIOAIManagerEvidence;
+exports.buildResolveIOAIManagerRecoveryCheckpoint = buildResolveIOAIManagerRecoveryCheckpoint;
+exports.buildResolveIOAIManagerRecoveryEvidenceProbe = buildResolveIOAIManagerRecoveryEvidenceProbe;
+exports.buildResolveIOAIManagerRecoveryActionPacket = buildResolveIOAIManagerRecoveryActionPacket;
+exports.decideResolveIOAIManagerRecoveryActionDispatch = decideResolveIOAIManagerRecoveryActionDispatch;
+exports.appendResolveIOAIManagerRecoveryActionDispatch = appendResolveIOAIManagerRecoveryActionDispatch;
+exports.buildResolveIOAIManagerRecoveryExecutionDirective = buildResolveIOAIManagerRecoveryExecutionDirective;
+exports.buildResolveIOAIManagerRecoveryExecutionProofContract = buildResolveIOAIManagerRecoveryExecutionProofContract;
+exports.validateResolveIOAIManagerRecoveryExecutionProofContract = validateResolveIOAIManagerRecoveryExecutionProofContract;
+exports.assessResolveIOAIManagerEvidenceChange = assessResolveIOAIManagerEvidenceChange;
+exports.decideResolveIOAIManagerRecoveryGate = decideResolveIOAIManagerRecoveryGate;
+exports.buildResolveIOAIManagerRecoveryPlan = buildResolveIOAIManagerRecoveryPlan;
+exports.decideResolveIOAIManagerPolicy = decideResolveIOAIManagerPolicy;
+exports.buildResolveIOAIManagerRecoveryReplayMatrix = buildResolveIOAIManagerRecoveryReplayMatrix;
+function cleanText(value, max) {
+    if (max === void 0) { max = 2000; }
+    return String(value || '').replace(/\s+/g, ' ').trim().slice(0, max);
+}
+function cleanList(values, limit, max) {
+    var e_1, _a;
+    if (limit === void 0) { limit = 40; }
+    if (max === void 0) { max = 500; }
+    if (!Array.isArray(values)) {
+        return [];
+    }
+    var result = [];
+    try {
+        for (var values_1 = __values(values), values_1_1 = values_1.next(); !values_1_1.done; values_1_1 = values_1.next()) {
+            var value = values_1_1.value;
+            var normalized = cleanText(value, max);
+            if (normalized && !result.includes(normalized)) {
+                result.push(normalized);
+            }
+            if (result.length >= limit) {
+                break;
+            }
+        }
+    }
+    catch (e_1_1) { e_1 = { error: e_1_1 }; }
+    finally {
+        try {
+            if (values_1_1 && !values_1_1.done && (_a = values_1.return)) _a.call(values_1);
+        }
+        finally { if (e_1) throw e_1.error; }
+    }
+    return result;
+}
+var HOTFIX_CHANNELS = new Set([
+    'static_ui',
+    'backend_js',
+    'config',
+    'seed_data',
+    'cache_invalidation',
+    'service_restart',
+    'release_artifact',
+    'force_deploy_review',
+    'new_artifact_deploy',
+    'artifact_build'
+]);
+function cleanObject(value) {
+    return value && typeof value === 'object' && !Array.isArray(value) ? value : {};
+}
+function normalizeAutonomyMode(value) {
+    var normalized = cleanText(value, 120).toLowerCase().replace(/[\s-]+/g, '_');
+    if (/^(monitor|monitor_only|watch|watch_only)$/.test(normalized)) {
+        return 'monitor_only';
+    }
+    if (/^(auto|auto_retry|auto_retry_within_budget|autonomous|within_budget)$/.test(normalized)) {
+        return 'auto_retry_within_budget';
+    }
+    return 'manual_only';
+}
+function normalizeManagerEvidenceStrength(value) {
+    var normalized = cleanText(value, 40).toLowerCase().replace(/[\s-]+/g, '_');
+    if (normalized === 'proof') {
+        return 'proof';
+    }
+    if (normalized === 'material' || normalized === 'strong') {
+        return 'material';
+    }
+    if (normalized === 'weak') {
+        return 'weak';
+    }
+    return 'none';
+}
+function nonNegativeMoney(value) {
+    var parsed = Number(value);
+    return Number.isFinite(parsed) && parsed > 0 ? parsed : 0;
+}
+function finiteNumber(value) {
+    var parsed = Number(value);
+    return Number.isFinite(parsed) ? parsed : undefined;
+}
+function clampNumber(value, min, max) {
+    return Math.min(max, Math.max(min, value));
+}
+function isCheapEvidenceAutonomyAction(value) {
+    var action = cleanText(value, 120);
+    return !action || /^(run_evidence_probe|run_read_only_diagnosis|advance|continue_gate|park_manual)$/.test(action);
+}
+function estimateResolveIOAIManagerRetryExpectedValue(input) {
+    var e_2, _a;
+    if (input === void 0) { input = {}; }
+    var dispatchAction = cleanText(input.dispatchAction, 120);
+    var failureClass = normalizeResolveIOAIManagerFailureClass(input.failureClass);
+    var recoveryClass = cleanText(input.recoveryClass, 120);
+    var evidenceStrength = normalizeManagerEvidenceStrength(input.evidenceStrength);
+    var evidenceSignals = cleanList(input.evidenceSignals, 12, 120);
+    var projectedActionCostUsd = nonNegativeMoney(input.projectedActionCostUsd);
+    var budgetHardUsd = nonNegativeMoney(input.budgetHardUsd);
+    var materialEvidence = input.materialEvidence === true || evidenceStrength === 'material' || evidenceStrength === 'proof';
+    var newEvidence = input.newEvidence === true;
+    var signals = [];
+    var score = 0.1;
+    if (dispatchAction === 'run_evidence_probe') {
+        score = 0.75;
+        signals.push('cheap_evidence_probe');
+    }
+    else if (dispatchAction === 'run_read_only_diagnosis') {
+        score = 0.65;
+        signals.push('read_only_diagnosis');
+    }
+    else if (dispatchAction === 'advance' || dispatchAction === 'continue_gate') {
+        score = 0.55;
+        signals.push('gate_continuation');
+    }
+    else if (dispatchAction === 'run_infra_repair') {
+        score = 0.4;
+        signals.push('bounded_infra_repair');
+    }
+    else if (dispatchAction === 'run_compile_repair') {
+        score = 0.4;
+        signals.push('bounded_compile_repair');
+    }
+    else if (dispatchAction === 'run_release_repair') {
+        score = 0.3;
+        signals.push('bounded_release_repair');
+    }
+    else if (dispatchAction === 'run_journey_contract_repair' || dispatchAction === 'run_business_assertion_repair') {
+        score = 0.25;
+        signals.push('bounded_workflow_or_proof_repair');
+    }
+    else if (dispatchAction === 'run_targeted_product_repair') {
+        score = 0.15;
+        signals.push('targeted_product_repair');
+    }
+    if (evidenceStrength === 'proof') {
+        score += 0.3;
+        signals.push('proof_evidence');
+    }
+    else if (materialEvidence) {
+        score += 0.2;
+        signals.push('material_evidence');
+    }
+    else if (newEvidence) {
+        score += 0.1;
+        signals.push('new_evidence');
+    }
+    else if (evidenceStrength === 'weak') {
+        score -= 0.15;
+        signals.push('weak_evidence');
+    }
+    else if (!isCheapEvidenceAutonomyAction(dispatchAction)) {
+        score -= 0.25;
+        signals.push('no_material_evidence');
+    }
+    if ((failureClass === 'infra' || /infra/i.test(recoveryClass)) && dispatchAction === 'run_infra_repair') {
+        score += 0.15;
+        signals.push('failure_matches_infra_repair');
+    }
+    if ((failureClass === 'compile' || /compile/i.test(recoveryClass)) && dispatchAction === 'run_compile_repair') {
+        score += 0.15;
+        signals.push('failure_matches_compile_repair');
+    }
+    if (/release|publish|deploy/i.test("".concat(failureClass, " ").concat(recoveryClass)) && dispatchAction === 'run_release_repair') {
+        score += 0.1;
+        signals.push('failure_matches_release_repair');
+    }
+    if (projectedActionCostUsd >= 5) {
+        score -= 0.3;
+        signals.push('high_projected_cost');
+    }
+    else if (projectedActionCostUsd >= 2) {
+        score -= 0.18;
+        signals.push('medium_projected_cost');
+    }
+    else if (projectedActionCostUsd >= 1) {
+        score -= 0.08;
+        signals.push('low_projected_cost');
+    }
+    if (budgetHardUsd > 0 && projectedActionCostUsd > budgetHardUsd * 0.5) {
+        score -= 0.2;
+        signals.push('large_fraction_of_remaining_budget');
+    }
+    if (input.sameEvidenceAlreadyAttempted === true) {
+        score -= 0.35;
+        signals.push('same_evidence_already_attempted');
+    }
+    try {
+        for (var evidenceSignals_1 = __values(evidenceSignals), evidenceSignals_1_1 = evidenceSignals_1.next(); !evidenceSignals_1_1.done; evidenceSignals_1_1 = evidenceSignals_1.next()) {
+            var signal = evidenceSignals_1_1.value;
+            if (/passing_outcome|business|proof|diagnosis|compile|infra|release|artifact|fingerprint_changed|evidence_hash_changed/i.test(signal)) {
+                score += 0.03;
+                signals.push("evidence_signal:".concat(signal));
+            }
+        }
+    }
+    catch (e_2_1) { e_2 = { error: e_2_1 }; }
+    finally {
+        try {
+            if (evidenceSignals_1_1 && !evidenceSignals_1_1.done && (_a = evidenceSignals_1.return)) _a.call(evidenceSignals_1);
+        }
+        finally { if (e_2) throw e_2.error; }
+    }
+    var rounded = Number(clampNumber(score, -1, 1).toFixed(2));
+    var minScore = 0;
+    return {
+        score: rounded,
+        minScore: minScore,
+        positive: rounded >= minScore,
+        source: 'estimated',
+        confidence: evidenceStrength === 'proof' || materialEvidence ? 'medium' : 'low',
+        reason: rounded >= minScore
+            ? 'estimated_retry_value_is_non_negative'
+            : 'estimated_retry_value_is_negative',
+        signals: Array.from(new Set(signals)).slice(0, 16)
+    };
+}
+function decideResolveIOAIManagerAutonomyPolicy(input) {
+    var _a;
+    if (input === void 0) { input = {}; }
+    var mode = normalizeAutonomyMode(input.mode);
+    var currentSpendUsd = nonNegativeMoney(input.currentSpendUsd);
+    var projectedActionCostUsd = nonNegativeMoney(input.projectedActionCostUsd);
+    var projectedSpendUsd = currentSpendUsd + projectedActionCostUsd;
+    var budgetSoftUsd = nonNegativeMoney(input.budgetSoftUsd);
+    var budgetHardUsd = nonNegativeMoney(input.budgetHardUsd);
+    var softBudgetExceeded = budgetSoftUsd > 0 && projectedSpendUsd >= budgetSoftUsd;
+    var hardBudgetExceeded = budgetHardUsd > 0 && projectedSpendUsd > budgetHardUsd;
+    var dispatchAction = cleanText(input.dispatchAction, 120);
+    var evidenceStrength = normalizeManagerEvidenceStrength(input.evidenceStrength);
+    var evidenceSignals = cleanList(input.evidenceSignals, 12, 120);
+    var materialEvidence = input.materialEvidence === true || evidenceStrength === 'material' || evidenceStrength === 'proof';
+    var newEvidence = input.newEvidence === true;
+    var evidenceBacked = materialEvidence || newEvidence || evidenceSignals.some(function (signal) { return /material|proof|business|compile|infra|release|diagnosis|journey|workflow|artifact|hash_changed|fingerprint_changed/i.test(signal); });
+    var cheapEvidenceAction = isCheapEvidenceAutonomyAction(dispatchAction);
+    var expectedValueEstimate = estimateResolveIOAIManagerRetryExpectedValue({
+        dispatchAction: dispatchAction,
+        projectedActionCostUsd: projectedActionCostUsd,
+        currentSpendUsd: currentSpendUsd,
+        budgetHardUsd: budgetHardUsd,
+        evidenceStrength: evidenceStrength,
+        materialEvidence: materialEvidence,
+        newEvidence: newEvidence,
+        evidenceSignals: evidenceSignals,
+        sameEvidenceAlreadyAttempted: input.sameEvidenceAlreadyAttempted === true
+    });
+    var providedExpectedValue = finiteNumber(input.expectedValueScore);
+    var expectedValueKnown = providedExpectedValue !== undefined;
+    var expectedValueScore = expectedValueKnown ? providedExpectedValue : expectedValueEstimate.score;
+    var minExpectedValue = (_a = finiteNumber(input.minExpectedValueScore)) !== null && _a !== void 0 ? _a : expectedValueEstimate.minScore;
+    var expectedValuePositive = expectedValueScore >= minExpectedValue;
+    var expectedValueSource = expectedValueKnown ? 'provided' : 'estimated';
+    var requiredEvidence = __spreadArray(__spreadArray(__spreadArray(__spreadArray([
+        'mode',
+        'projectedActionCostUsd'
+    ], __read((budgetHardUsd > 0 ? ['budgetHardUsd'] : [])), false), __read((budgetSoftUsd > 0 ? ['budgetSoftUsd'] : [])), false), __read((dispatchAction ? ['dispatchAction'] : [])), false), __read((cheapEvidenceAction ? [] : ['materialEvidence or newEvidence', 'expectedValueScore when available'])), false);
+    var forbiddenActions = [];
+    var canAutoDispatch = false;
+    var canManualDispatch = true;
+    var blocked = false;
+    var requiresHumanApproval = true;
+    var reason = '';
+    var recommendedControl = mode;
+    if (mode === 'monitor_only') {
+        canManualDispatch = false;
+        reason = 'monitor_only_blocks_runner_dispatch';
+        forbiddenActions.push('Do not run recovery, repair, QA, publish, deploy, or customer reply actions while in Monitor Only mode.');
+    }
+    else if (mode === 'manual_only') {
+        reason = 'manual_only_requires_operator_dispatch';
+        forbiddenActions.push('Do not auto-dispatch manager recovery actions in Manual Only mode.');
+    }
+    else if (hardBudgetExceeded) {
+        blocked = true;
+        canAutoDispatch = false;
+        canManualDispatch = input.operatorApproved === true;
+        reason = 'auto_retry_budget_hard_cap_would_be_exceeded';
+        recommendedControl = 'increase_budget_or_manual';
+        forbiddenActions.push('Do not auto-dispatch because projected spend exceeds the hard budget.');
+    }
+    else if (!cheapEvidenceAction && !evidenceBacked) {
+        canAutoDispatch = false;
+        requiresHumanApproval = true;
+        reason = 'auto_retry_requires_material_evidence';
+        forbiddenActions.push('Do not auto-dispatch repair work until a deterministic artifact, changed blocker fingerprint, or material proof is recorded.');
+    }
+    else if (!cheapEvidenceAction && !expectedValuePositive) {
+        canAutoDispatch = false;
+        requiresHumanApproval = true;
+        reason = 'auto_retry_expected_value_not_positive';
+        forbiddenActions.push('Do not auto-dispatch repair work when the expected value score is below the configured minimum.');
+    }
+    else {
+        canAutoDispatch = true;
+        requiresHumanApproval = softBudgetExceeded;
+        reason = softBudgetExceeded
+            ? 'auto_retry_soft_budget_warning_requires_review'
+            : 'auto_retry_within_budget_allows_auto_dispatch';
+        if (softBudgetExceeded) {
+            forbiddenActions.push('Do not escalate to a more expensive model or broader repair without operator review after soft budget warning.');
+        }
+    }
+    return {
+        mode: mode,
+        canAutoDispatch: canAutoDispatch,
+        canManualDispatch: canManualDispatch,
+        blocked: blocked,
+        requiresHumanApproval: requiresHumanApproval,
+        reason: reason,
+        currentSpendUsd: currentSpendUsd,
+        projectedActionCostUsd: projectedActionCostUsd,
+        projectedSpendUsd: projectedSpendUsd,
+        budgetSoftUsd: budgetSoftUsd,
+        budgetHardUsd: budgetHardUsd,
+        softBudgetExceeded: softBudgetExceeded,
+        hardBudgetExceeded: hardBudgetExceeded,
+        dispatchAction: dispatchAction,
+        expectedValueScore: expectedValueScore,
+        minExpectedValueScore: minExpectedValue,
+        expectedValueKnown: expectedValueKnown,
+        expectedValueSource: expectedValueSource,
+        expectedValuePositive: expectedValuePositive,
+        evidenceStrength: evidenceStrength,
+        materialEvidence: materialEvidence,
+        newEvidence: newEvidence,
+        evidenceBacked: evidenceBacked,
+        evidenceSignals: evidenceSignals,
+        recommendedControl: recommendedControl,
+        forbiddenActions: forbiddenActions,
+        requiredEvidence: requiredEvidence
+    };
+}
+function cleanDateString(value) {
+    var date = value instanceof Date ? value : new Date(value || Date.now());
+    return Number.isNaN(date.getTime()) ? new Date().toISOString() : date.toISOString();
+}
+function normalizeHotfixChannel(value) {
+    var normalized = cleanText(value, 120).toLowerCase().replace(/[\s-]+/g, '_');
+    return HOTFIX_CHANNELS.has(normalized) ? normalized : '';
+}
+function normalizeHotfixStatus(value) {
+    var normalized = cleanText(value, 120).toLowerCase().replace(/[\s-]+/g, '_');
+    if (/^(pass|passed|success|succeeded|complete|completed|accepted)$/.test(normalized)) {
+        return 'passed';
+    }
+    if (/^(block|blocked|failed|fail|error|denied)$/.test(normalized)) {
+        return 'blocked';
+    }
+    if (/^(missing|none)$/.test(normalized)) {
+        return 'missing';
+    }
+    return 'incomplete';
+}
+function hotfixStatusPassed(value) {
+    return normalizeHotfixStatus(value) === 'passed';
+}
+function normalizeHotfixEvidenceTarget(value) {
+    var source = cleanObject(value);
+    return {
+        surface: cleanText(source.surface, 160),
+        host: cleanText(source.host || source.hostname || source.domain, 240),
+        path: cleanText(source.path || source.remotePath || source.remote_path, 500),
+        artifactPath: cleanText(source.artifactPath || source.artifact_path || source.localPath || source.local_path, 500),
+        bucket: cleanText(source.bucket || source.s3Bucket || source.s3_bucket, 240),
+        distributionId: cleanText(source.distributionId || source.distribution_id || source.cloudfrontDistributionId || source.cloudfront_distribution_id, 240),
+        processName: cleanText(source.processName || source.process_name || source.service || source.serviceName, 160),
+        configKey: cleanText(source.configKey || source.config_key || source.key, 240),
+        cacheKey: cleanText(source.cacheKey || source.cache_key, 240),
+        seedKey: cleanText(source.seedKey || source.seed_key || source.fixture, 240)
+    };
+}
+function normalizeHotfixEvidenceTargets(value, fallback) {
+    var rawTargets = Array.isArray(value) ? value : [];
+    var targets = rawTargets
+        .map(normalizeHotfixEvidenceTarget)
+        .filter(function (target) { return Object.values(target).some(function (entry) { return cleanText(entry, 500); }); });
+    if (!targets.length && fallback && Object.values(fallback).some(function (entry) { return cleanText(entry, 500); })) {
+        targets.push(fallback);
+    }
+    var seen = new Set();
+    return targets.filter(function (target) {
+        var key = "".concat(cleanText(target.host, 240).toLowerCase(), "::").concat(cleanText(target.path || target.processName || target.configKey || target.seedKey || target.cacheKey, 500));
+        if (seen.has(key)) {
+            return false;
+        }
+        seen.add(key);
+        return true;
+    }).slice(0, 20);
+}
+function normalizeHotfixRemoteChecksumProof(value) {
+    var source = cleanObject(value);
+    return {
+        host: cleanText(source.host || source.hostname || source.domain, 240),
+        path: cleanText(source.path || source.remotePath || source.remote_path, 500),
+        checksumBefore: cleanText(source.checksumBefore || source.checksum_before || source.remoteChecksumBefore || source.remote_checksum_before, 160),
+        checksumAfter: cleanText(source.checksumAfter || source.checksum_after || source.remoteChecksumAfter || source.remote_checksum_after, 160),
+        checksum: cleanText(source.checksum || source.remoteChecksum || source.remote_checksum, 160),
+        status: cleanText(source.status, 160)
+    };
+}
+function normalizeHotfixRemoteChecksumProofs(value) {
+    return (Array.isArray(value) ? value : [])
+        .map(normalizeHotfixRemoteChecksumProof)
+        .filter(function (entry) { return entry.host || entry.path || entry.checksumAfter || entry.checksum || entry.status; })
+        .slice(0, 40);
+}
+function normalizeHotfixHostStatusProof(value) {
+    var _a, _b;
+    var source = cleanObject(value);
+    var checkCount = Number((_a = source.checkCount) !== null && _a !== void 0 ? _a : source.check_count);
+    var failedCount = Number((_b = source.failedCount) !== null && _b !== void 0 ? _b : source.failed_count);
+    return {
+        host: cleanText(source.host || source.hostname || source.domain, 240),
+        status: cleanText(source.status || source.result, 160),
+        evidence: cleanText(source.evidence || source.message || source.summary, 1000),
+        checkCount: Number.isFinite(checkCount) ? Math.max(0, Math.floor(checkCount)) : undefined,
+        failedCount: Number.isFinite(failedCount) ? Math.max(0, Math.floor(failedCount)) : undefined
+    };
+}
+function normalizeHotfixHostStatusProofs(value) {
+    return (Array.isArray(value) ? value : [])
+        .map(normalizeHotfixHostStatusProof)
+        .filter(function (entry) { return entry.host || entry.status || entry.evidence; })
+        .slice(0, 40);
+}
+function normalizeResolveIOAIManagerHotfixEvidence(value, policy) {
+    var _a;
+    var source = cleanObject(value);
+    if (!Object.keys(source).length) {
+        return undefined;
+    }
+    var channel = normalizeHotfixChannel(source.channel || source.hotfixChannel || source.hotfix_channel || ((_a = policy === null || policy === void 0 ? void 0 : policy.hotfixPlan) === null || _a === void 0 ? void 0 : _a.recommendedChannel));
+    if (!channel) {
+        return undefined;
+    }
+    var target = normalizeHotfixEvidenceTarget(source.target || source);
+    var targets = normalizeHotfixEvidenceTargets(source.targets || source.hotfixTargets || source.hotfix_targets, target);
+    return {
+        channel: channel,
+        status: normalizeHotfixStatus(source.status),
+        target: target,
+        targets: targets,
+        compiledArtifactPath: cleanText(source.compiledArtifactPath || source.compiled_artifact_path || target.artifactPath, 500),
+        builtDistPath: cleanText(source.builtDistPath || source.built_dist_path || target.artifactPath, 500),
+        remoteChecksumBefore: cleanText(source.remoteChecksumBefore || source.remote_checksum_before || source.checksumBefore || source.checksum_before, 160),
+        remoteChecksumAfter: cleanText(source.remoteChecksumAfter || source.remote_checksum_after || source.checksumAfter || source.checksum_after, 160),
+        remoteChecksum: cleanText(source.remoteChecksum || source.remote_checksum || source.checksum, 160),
+        remoteChecksums: normalizeHotfixRemoteChecksumProofs(source.remoteChecksums || source.remote_checksums || source.checksums || source.hostChecksums || source.host_checksums),
+        restartEvidence: cleanText(source.restartEvidence || source.restart_evidence, 1000),
+        restartResults: normalizeHotfixHostStatusProofs(source.restartResults || source.restart_results || source.restarts || source.serviceRestartResults || source.service_restart_results),
+        healthCheckStatus: cleanText(source.healthCheckStatus || source.health_check_status || source.health, 160),
+        healthChecks: normalizeHotfixHostStatusProofs(source.healthChecks || source.health_checks || source.hostHealthChecks || source.host_health_checks),
+        selfTestStatus: cleanText(source.selfTestStatus || source.self_test_status || source.selfTest || source.self_test, 160),
+        selfTests: normalizeHotfixHostStatusProofs(source.selfTests || source.self_tests || source.runnerManagerSelfTests || source.runner_manager_self_tests),
+        releaseGateStatus: cleanText(source.releaseGateStatus || source.release_gate_status || source.releaseGate || source.release_gate, 160),
+        s3UploadResult: cleanText(source.s3UploadResult || source.s3_upload_result || source.uploadResult || source.upload_result, 1000),
+        cloudfrontInvalidationId: cleanText(source.cloudfrontInvalidationId || source.cloudfront_invalidation_id || source.invalidationId || source.invalidation_id, 240),
+        publicProof: cleanText(source.publicProof || source.public_proof || source.publicUrl || source.public_url, 1000),
+        configChangeEvidence: cleanText(source.configChangeEvidence || source.config_change_evidence, 1000),
+        seedDataEvidence: cleanText(source.seedDataEvidence || source.seed_data_evidence, 1000),
+        cacheInvalidationEvidence: cleanText(source.cacheInvalidationEvidence || source.cache_invalidation_evidence, 1000),
+        serviceRestartEvidence: cleanText(source.serviceRestartEvidence || source.service_restart_evidence, 1000),
+        releaseArtifactFingerprint: cleanText(source.releaseArtifactFingerprint || source.release_artifact_fingerprint || source.artifactFingerprint || source.artifact_fingerprint, 240),
+        lastReleaseArtifactFingerprint: cleanText(source.lastReleaseArtifactFingerprint || source.last_release_artifact_fingerprint || source.lastArtifactFingerprint || source.last_artifact_fingerprint, 240),
+        sourceCommitSha: cleanText(source.sourceCommitSha || source.source_commit_sha || source.gitCommitSha || source.git_commit_sha || source.commitSha || source.commit_sha, 120),
+        githubCommitUrl: cleanText(source.githubCommitUrl || source.github_commit_url || source.gitCommitUrl || source.git_commit_url || source.commitUrl || source.commit_url, 500),
+        gitCommitStatus: cleanText(source.gitCommitStatus || source.git_commit_status || source.githubCommitStatus || source.github_commit_status, 160),
+        gitPushStatus: cleanText(source.gitPushStatus || source.git_push_status || source.githubPushStatus || source.github_push_status || source.githubCommitReachableStatus || source.github_commit_reachable_status, 160),
+        committedAt: source.committedAt || source.committed_at,
+        forceDeployReason: cleanText(source.forceDeployReason || source.force_deploy_reason, 1000),
+        hotfixCannotResolveReason: cleanText(source.hotfixCannotResolveReason || source.hotfix_cannot_resolve_reason, 1000),
+        fullDeployRequested: source.fullDeployRequested === true || source.full_deploy_requested === true,
+        recordedAt: source.recordedAt || source.recorded_at
+    };
+}
+function matchingHotfixPlanStep(policy, channel) {
+    var _a;
+    return (((_a = policy === null || policy === void 0 ? void 0 : policy.hotfixPlan) === null || _a === void 0 ? void 0 : _a.steps) || []).find(function (step) { return step.channel === channel; });
+}
+function pushMissing(blockers, condition, message) {
+    if (!condition) {
+        blockers.push(message);
+    }
+}
+function hotfixRequiresGithubCommit(channel) {
+    return /^(backend_js|static_ui|config|seed_data|release_artifact|new_artifact_deploy|artifact_build)$/.test(channel);
+}
+function extractGithubCommitSha(value) {
+    var _a;
+    var match = cleanText(value, 500).match(/^https:\/\/github\.com\/[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+\/commit\/([a-f0-9]{40})(?:$|[?#/])/i);
+    return ((_a = match === null || match === void 0 ? void 0 : match[1]) === null || _a === void 0 ? void 0 : _a.toLowerCase()) || '';
+}
+function isFullGitCommitSha(value) {
+    return /^[a-f0-9]{40}$/i.test(cleanText(value, 120));
+}
+function isStrongRemoteChecksum(value) {
+    return /^[a-f0-9]{12,128}$/i.test(cleanText(value, 160));
+}
+function hotfixTargetLabel(target, fallbackIndex) {
+    return cleanText([target.host, target.path].filter(Boolean).join(':'), 800) || "target[".concat(fallbackIndex, "]");
+}
+function hotfixTargetsForBackendEvidence(evidence) {
+    var targets = normalizeHotfixEvidenceTargets(evidence.targets, evidence.target);
+    return targets.length ? targets : [evidence.target].filter(function (target) { return !!target; });
+}
+function targetMatchesHostPath(sourceHost, sourcePath, target) {
+    var host = cleanText(sourceHost, 240).toLowerCase();
+    var path = cleanText(sourcePath, 500);
+    var targetHost = cleanText(target.host, 240).toLowerCase();
+    var targetPath = cleanText(target.path, 500);
+    if (targetHost && host && targetHost !== host) {
+        return false;
+    }
+    if (targetPath && path && targetPath !== path) {
+        return false;
+    }
+    return (!!targetHost && !!host) || (!!targetPath && !!path);
+}
+function checksumProofForBackendTarget(evidence, target, allowLegacyGlobal) {
+    var proof = (evidence.remoteChecksums || []).find(function (entry) { return targetMatchesHostPath(entry.host, entry.path, target); });
+    if (proof) {
+        return proof;
+    }
+    if (allowLegacyGlobal && (evidence.remoteChecksumAfter || evidence.remoteChecksum)) {
+        return {
+            host: target.host,
+            path: target.path,
+            checksumBefore: evidence.remoteChecksumBefore,
+            checksumAfter: evidence.remoteChecksumAfter,
+            checksum: evidence.remoteChecksum,
+            status: evidence.status
+        };
+    }
+    return undefined;
+}
+function hostStatusProofForBackendTarget(records, target, allowLegacyGlobalStatus) {
+    var proof = (records || []).find(function (entry) { return targetMatchesHostPath(entry.host, undefined, target); });
+    if (proof) {
+        return proof;
+    }
+    if (allowLegacyGlobalStatus) {
+        return {
+            host: target.host,
+            status: cleanText(allowLegacyGlobalStatus, 160)
+        };
+    }
+    return undefined;
+}
+function backendHotfixTargetTouchesRunnerControlPlane(target) {
+    var path = cleanText((target === null || target === void 0 ? void 0 : target.path) || (target === null || target === void 0 ? void 0 : target.artifactPath), 500).replace(/\\/g, '/').toLowerCase();
+    return /(^|\/)(managers\/ai-dashboard|methods\/support-ticket-automation|http\/runner-manager-selftest|http\/support|node_modules\/@resolveio\/server-lib\/(?:server-app|util\/(?:support-runner-v5|ai-runner-manager-policy|ai-run-evidence|ai-runner-qa-tools)))/i.test(path);
+}
+function backendHotfixRestartProofIncludesSupportManagers(evidence) {
+    var text = __spreadArray([
+        evidence.restartEvidence,
+        evidence.serviceRestartEvidence
+    ], __read((evidence.restartResults || []).map(function (entry) { return "".concat(entry.status || '', " ").concat(entry.evidence || ''); })), false).join('\n');
+    return /\b(resolveio_support_ticket_codex_manager|support[_ -]?(?:ticket[_ -]?)?(?:codex[_ -]?)?manager|support[_ -]?manager)\b/i.test(text);
+}
+function validateBackendHotfixTargetCoverage(evidence, blockers) {
+    var targets = hotfixTargetsForBackendEvidence(evidence);
+    var structuredMultiTarget = targets.length > 1;
+    if (structuredMultiTarget && !(evidence.remoteChecksums || []).length) {
+        blockers.push('Backend JS hotfix with multiple targets requires remoteChecksums[] with a strong checksumAfter per host/path.');
+    }
+    if (structuredMultiTarget && !(evidence.restartResults || []).length) {
+        blockers.push('Backend JS hotfix with multiple targets requires restartResults[] with passed status per host.');
+    }
+    if (structuredMultiTarget && !(evidence.healthChecks || []).length) {
+        blockers.push('Backend JS hotfix with multiple targets requires healthChecks[] with passed status per host.');
+    }
+    if (structuredMultiTarget && !(evidence.selfTests || []).length) {
+        blockers.push('Backend JS hotfix with multiple targets requires selfTests[] with passed status per host.');
+    }
+    if (targets.some(backendHotfixTargetTouchesRunnerControlPlane) && !backendHotfixRestartProofIncludesSupportManagers(evidence)) {
+        blockers.push('Runner/control-plane backend hotfix requires restart evidence for resolveio_support_ticket_codex_manager on affected backend hosts; restarting nodejs alone can leave stale manager code running.');
+    }
+    targets.forEach(function (target, index) {
+        var label = hotfixTargetLabel(target, index);
+        pushMissing(blockers, !!target.host, "Backend JS hotfix ".concat(label, " requires target host."));
+        pushMissing(blockers, !!target.path, "Backend JS hotfix ".concat(label, " requires target path."));
+        var checksumProof = checksumProofForBackendTarget(evidence, target, !structuredMultiTarget);
+        var checksumAfter = (checksumProof === null || checksumProof === void 0 ? void 0 : checksumProof.checksumAfter) || (checksumProof === null || checksumProof === void 0 ? void 0 : checksumProof.checksum) || '';
+        pushMissing(blockers, !!checksumAfter, "Backend JS hotfix ".concat(label, " requires remote checksum after replacement."));
+        if (checksumAfter && !isStrongRemoteChecksum(checksumAfter)) {
+            blockers.push("Backend JS hotfix ".concat(label, " remote checksum after replacement must be a strong hex checksum, not a label or placeholder."));
+        }
+        if ((checksumProof === null || checksumProof === void 0 ? void 0 : checksumProof.checksumBefore) && checksumAfter && checksumProof.checksumBefore === checksumAfter) {
+            blockers.push("Backend JS hotfix ".concat(label, " checksum did not change; record force/no-op evidence or do not claim a hotfix."));
+        }
+        var restartProof = hostStatusProofForBackendTarget(evidence.restartResults, target, structuredMultiTarget ? '' : (evidence.restartEvidence || evidence.serviceRestartEvidence ? 'passed' : ''));
+        pushMissing(blockers, !!restartProof && hotfixStatusPassed(restartProof.status || restartProof.evidence), "Backend JS hotfix ".concat(label, " requires restart evidence or passed restartResults status."));
+        var healthProof = hostStatusProofForBackendTarget(evidence.healthChecks, target, structuredMultiTarget ? '' : evidence.healthCheckStatus);
+        pushMissing(blockers, !!healthProof && hotfixStatusPassed(healthProof.status), "Backend JS hotfix ".concat(label, " requires passed healthCheckStatus or healthChecks status."));
+        var selfTestProof = hostStatusProofForBackendTarget(evidence.selfTests, target, structuredMultiTarget ? '' : evidence.selfTestStatus);
+        pushMissing(blockers, !!selfTestProof && hotfixStatusPassed(selfTestProof.status), "Backend JS hotfix ".concat(label, " requires passed selfTestStatus or selfTests status."));
+        if (selfTestProof && Number.isFinite(Number(selfTestProof.failedCount)) && Number(selfTestProof.failedCount) > 0) {
+            blockers.push("Backend JS hotfix ".concat(label, " selfTests failedCount must be 0."));
+        }
+    });
+}
+function githubCommitProofBlockers(value, channel) {
+    var blockers = [];
+    var sourceCommitSha = cleanText(value.sourceCommitSha, 120);
+    var githubCommitUrl = cleanText(value.githubCommitUrl, 500);
+    var gitCommitStatus = cleanText(value.gitCommitStatus, 160);
+    var gitPushStatus = cleanText(value.gitPushStatus, 160);
+    var urlCommitSha = extractGithubCommitSha(githubCommitUrl);
+    if (!sourceCommitSha || !githubCommitUrl) {
+        blockers.push("".concat(channel, " hotfix requires sourceCommitSha, githubCommitUrl, passed gitCommitStatus, and passed gitPushStatus so live hotfixes are backed by a committed and pushed GitHub change before continuation."));
+        return blockers;
+    }
+    if (!isFullGitCommitSha(sourceCommitSha)) {
+        blockers.push("".concat(channel, " hotfix sourceCommitSha must be a full 40-character git SHA."));
+    }
+    if (!urlCommitSha) {
+        blockers.push("".concat(channel, " hotfix githubCommitUrl must be a GitHub commit URL ending in a full 40-character git SHA."));
+    }
+    else if (isFullGitCommitSha(sourceCommitSha) && urlCommitSha !== sourceCommitSha.toLowerCase()) {
+        blockers.push("".concat(channel, " hotfix githubCommitUrl commit SHA must match sourceCommitSha."));
+    }
+    if (!gitCommitStatus) {
+        blockers.push("".concat(channel, " hotfix requires passed gitCommitStatus so the manager records that the hotfix diff was committed before continuation."));
+    }
+    else if (!hotfixStatusPassed(gitCommitStatus)) {
+        blockers.push("".concat(channel, " hotfix gitCommitStatus must be passed before continuation."));
+    }
+    if (!gitPushStatus) {
+        blockers.push("".concat(channel, " hotfix requires passed gitPushStatus so the manager knows the hotfix commit is present on GitHub before continuation."));
+    }
+    else if (!hotfixStatusPassed(gitPushStatus)) {
+        blockers.push("".concat(channel, " hotfix gitPushStatus must be passed before continuation."));
+    }
+    return blockers;
+}
+function evaluateResolveIOAIManagerHotfixGitProof(value, channelHint) {
+    if (channelHint === void 0) { channelHint = ''; }
+    var normalized = normalizeResolveIOAIManagerHotfixEvidence(value);
+    var source = (normalized || cleanObject(value));
+    var channel = (channelHint || (normalized === null || normalized === void 0 ? void 0 : normalized.channel) || source.channel || '');
+    var required = hotfixRequiresGithubCommit(channel);
+    var sourceCommitSha = cleanText(source.sourceCommitSha || source.source_commit_sha || source.gitCommitSha || source.git_commit_sha || source.commitSha || source.commit_sha, 120);
+    var githubCommitUrl = cleanText(source.githubCommitUrl || source.github_commit_url || source.gitCommitUrl || source.git_commit_url || source.commitUrl || source.commit_url, 500);
+    var githubCommitSha = extractGithubCommitSha(githubCommitUrl);
+    var gitCommitStatus = cleanText(source.gitCommitStatus || source.git_commit_status || source.githubCommitStatus || source.github_commit_status, 160);
+    var gitPushStatus = cleanText(source.gitPushStatus || source.git_push_status || source.githubPushStatus || source.github_push_status || source.githubCommitReachableStatus || source.github_commit_reachable_status, 160);
+    var blockers = required
+        ? githubCommitProofBlockers({
+            channel: channel,
+            target: (normalized === null || normalized === void 0 ? void 0 : normalized.target) || {},
+            sourceCommitSha: sourceCommitSha,
+            githubCommitUrl: githubCommitUrl,
+            gitCommitStatus: gitCommitStatus,
+            gitPushStatus: gitPushStatus
+        }, channel)
+        : [];
+    var status = !required
+        ? 'not_required'
+        : (!sourceCommitSha || !githubCommitUrl || !gitCommitStatus || !gitPushStatus)
+            ? 'missing'
+            : blockers.length
+                ? 'invalid'
+                : 'passed';
+    var passed = !required || status === 'passed';
+    return {
+        required: required,
+        status: status,
+        passed: passed,
+        managerMustCommitBeforeHotfix: required && !passed,
+        channel: channel,
+        sourceCommitSha: sourceCommitSha,
+        githubCommitUrl: githubCommitUrl,
+        githubCommitSha: githubCommitSha,
+        gitCommitStatus: gitCommitStatus,
+        gitPushStatus: gitPushStatus,
+        blockers: blockers,
+        nextCommands: required && !passed
+            ? ['commit_and_push_hotfix_to_github', 'verify_github_commit_url_and_push_status', 'record_hotfix_evidence']
+            : [],
+        requiredEvidence: required
+            ? ['full 40-character sourceCommitSha', 'matching GitHub commit URL', 'passed gitCommitStatus', 'passed gitPushStatus']
+            : []
+    };
+}
+function validateResolveIOAIManagerHotfixEvidence(value, options) {
+    var _a, _b, _c, _d;
+    if (options === void 0) { options = {}; }
+    var normalized = normalizeResolveIOAIManagerHotfixEvidence(value, options.policy);
+    var policy = options.policy;
+    if (!normalized) {
+        return {
+            valid: false,
+            status: 'missing',
+            channel: '',
+            blockers: ['Hotfix evidence is missing or channel is unsupported.'],
+            warnings: [],
+            fullDeployAllowed: false,
+            fullDeployBlocked: true,
+            hotfixSatisfied: false,
+            requiredEvidence: ((_b = (_a = policy === null || policy === void 0 ? void 0 : policy.hotfixPlan) === null || _a === void 0 ? void 0 : _a.steps) === null || _b === void 0 ? void 0 : _b.flatMap(function (step) { return step.requiredEvidence; })) || [],
+            successEvidence: ((_d = (_c = policy === null || policy === void 0 ? void 0 : policy.hotfixPlan) === null || _c === void 0 ? void 0 : _c.steps) === null || _d === void 0 ? void 0 : _d.flatMap(function (step) { return step.successEvidence; })) || [],
+            githubCommitGuard: evaluateResolveIOAIManagerHotfixGitProof(value),
+            policy: policy,
+            nextAction: 'record_hotfix_evidence'
+        };
+    }
+    var blockers = [];
+    var warnings = [];
+    var target = normalized.target || {};
+    var channel = normalized.channel;
+    var step = matchingHotfixPlanStep(policy, channel);
+    var requiredEvidence = (step === null || step === void 0 ? void 0 : step.requiredEvidence) || [];
+    var successEvidence = (step === null || step === void 0 ? void 0 : step.successEvidence) || [];
+    var policyAllowsFullDeploy = (policy === null || policy === void 0 ? void 0 : policy.fullDeployAllowed) === true;
+    var policyBlocksDuplicate = (policy === null || policy === void 0 ? void 0 : policy.duplicateDeployBlocked) === true || (policy === null || policy === void 0 ? void 0 : policy.duplicatePublishBlocked) === true;
+    var githubCommitGuard = evaluateResolveIOAIManagerHotfixGitProof(normalized, channel);
+    if (normalized.fullDeployRequested && !policyAllowsFullDeploy && channel !== 'force_deploy_review' && channel !== 'new_artifact_deploy') {
+        blockers.push('Full deploy requested but hotfix-first policy does not allow a full deploy for this release state.');
+    }
+    if (normalized.fullDeployRequested && policyBlocksDuplicate && !normalized.forceDeployReason && channel !== 'force_deploy_review') {
+        blockers.push('Duplicate deploy/publish fingerprint requires force deploy/publish evidence before any full deploy.');
+    }
+    if (githubCommitGuard.required) {
+        blockers.push.apply(blockers, __spreadArray([], __read(githubCommitGuard.blockers), false));
+    }
+    if (channel === 'backend_js') {
+        pushMissing(blockers, !!normalized.compiledArtifactPath, 'Backend JS hotfix requires compiledArtifactPath.');
+        validateBackendHotfixTargetCoverage(normalized, blockers);
+    }
+    else if (channel === 'static_ui') {
+        pushMissing(blockers, !!normalized.builtDistPath, 'Static UI hotfix requires builtDistPath.');
+        pushMissing(blockers, !!target.bucket, 'Static UI hotfix requires target.bucket.');
+        pushMissing(blockers, !!target.distributionId, 'Static UI hotfix requires target.distributionId.');
+        pushMissing(blockers, !!normalized.s3UploadResult, 'Static UI hotfix requires s3UploadResult.');
+        pushMissing(blockers, !!normalized.cloudfrontInvalidationId, 'Static UI hotfix requires cloudfrontInvalidationId.');
+        pushMissing(blockers, !!normalized.publicProof, 'Static UI hotfix requires publicProof.');
+    }
+    else if (channel === 'config') {
+        pushMissing(blockers, !!target.configKey, 'Config hotfix requires target.configKey.');
+        pushMissing(blockers, !!normalized.configChangeEvidence, 'Config hotfix requires configChangeEvidence.');
+        pushMissing(blockers, hotfixStatusPassed(normalized.releaseGateStatus), 'Config hotfix requires passed releaseGateStatus.');
+    }
+    else if (channel === 'seed_data') {
+        pushMissing(blockers, !!target.seedKey, 'Seed-data hotfix requires target.seedKey.');
+        pushMissing(blockers, !!normalized.seedDataEvidence, 'Seed-data hotfix requires seedDataEvidence.');
+        pushMissing(blockers, hotfixStatusPassed(normalized.releaseGateStatus), 'Seed-data hotfix requires passed releaseGateStatus.');
+    }
+    else if (channel === 'cache_invalidation') {
+        pushMissing(blockers, !!target.cacheKey, 'Cache invalidation hotfix requires target.cacheKey.');
+        pushMissing(blockers, !!normalized.cacheInvalidationEvidence, 'Cache invalidation hotfix requires cacheInvalidationEvidence.');
+        pushMissing(blockers, hotfixStatusPassed(normalized.releaseGateStatus) || hotfixStatusPassed(normalized.healthCheckStatus), 'Cache invalidation hotfix requires passed releaseGateStatus or healthCheckStatus.');
+    }
+    else if (channel === 'service_restart') {
+        pushMissing(blockers, !!target.processName, 'Service restart hotfix requires target.processName.');
+        pushMissing(blockers, !!(normalized.serviceRestartEvidence || normalized.restartEvidence), 'Service restart hotfix requires restart evidence.');
+        pushMissing(blockers, hotfixStatusPassed(normalized.healthCheckStatus), 'Service restart hotfix requires passed healthCheckStatus.');
+        pushMissing(blockers, hotfixStatusPassed(normalized.selfTestStatus), 'Service restart hotfix requires passed selfTestStatus.');
+    }
+    else if (channel === 'release_artifact') {
+        pushMissing(blockers, !!normalized.releaseArtifactFingerprint, 'Release artifact hotfix requires releaseArtifactFingerprint.');
+        pushMissing(blockers, hotfixStatusPassed(normalized.releaseGateStatus), 'Release artifact hotfix requires passed releaseGateStatus.');
+    }
+    else if (channel === 'force_deploy_review') {
+        pushMissing(blockers, !!normalized.forceDeployReason, 'Force deploy review requires forceDeployReason.');
+        pushMissing(blockers, !!normalized.hotfixCannotResolveReason, 'Force deploy review requires hotfixCannotResolveReason.');
+    }
+    else if (channel === 'new_artifact_deploy') {
+        pushMissing(blockers, !!normalized.releaseArtifactFingerprint, 'New artifact deploy requires releaseArtifactFingerprint.');
+        pushMissing(blockers, !!normalized.lastReleaseArtifactFingerprint, 'New artifact deploy requires lastReleaseArtifactFingerprint.');
+        if (normalized.releaseArtifactFingerprint && normalized.lastReleaseArtifactFingerprint && normalized.releaseArtifactFingerprint === normalized.lastReleaseArtifactFingerprint) {
+            blockers.push('New artifact deploy requires a fingerprint different from the last deployed artifact.');
+        }
+        pushMissing(blockers, hotfixStatusPassed(normalized.releaseGateStatus), 'New artifact deploy requires passed releaseGateStatus.');
+    }
+    else if (channel === 'artifact_build') {
+        pushMissing(blockers, !!normalized.releaseArtifactFingerprint, 'Artifact build requires releaseArtifactFingerprint.');
+        if (normalized.fullDeployRequested) {
+            blockers.push('Artifact build evidence cannot request a full deploy in the same step.');
+        }
+    }
+    if (!step && policy) {
+        warnings.push("Hotfix channel ".concat(channel, " is not the recommended channel in the current release policy."));
+    }
+    var forceDeployReviewValid = channel === 'force_deploy_review' && blockers.length === 0;
+    var newArtifactDeployValid = channel === 'new_artifact_deploy' && blockers.length === 0;
+    var fullDeployAllowed = forceDeployReviewValid || newArtifactDeployValid || (policyAllowsFullDeploy && blockers.length === 0 && normalized.fullDeployRequested === true);
+    var hotfixSatisfied = blockers.length === 0 && !fullDeployAllowed;
+    var status = blockers.length
+        ? (normalizeHotfixStatus(normalized.status) === 'blocked' ? 'blocked' : 'incomplete')
+        : 'passed';
+    var fullDeployBlocked = !fullDeployAllowed && (normalized.fullDeployRequested === true || (policy === null || policy === void 0 ? void 0 : policy.fullDeployAllowed) !== true);
+    var nextAction = blockers.some(function (blocker) { return /force deploy/i.test(blocker); })
+        ? 'request_force_deploy_reason'
+        : fullDeployAllowed
+            ? 'allow_one_full_deploy'
+            : hotfixSatisfied
+                ? 'rerun_release_gate'
+                : blockers.length
+                    ? 'record_hotfix_evidence'
+                    : 'park_manual';
+    normalized.status = status;
+    return {
+        valid: blockers.length === 0,
+        status: status,
+        channel: channel,
+        blockers: blockers,
+        warnings: warnings,
+        fullDeployAllowed: fullDeployAllowed,
+        fullDeployBlocked: fullDeployBlocked,
+        hotfixSatisfied: hotfixSatisfied,
+        requiredEvidence: requiredEvidence,
+        successEvidence: successEvidence,
+        normalized: normalized,
+        githubCommitGuard: githubCommitGuard,
+        policy: policy,
+        nextAction: nextAction
+    };
+}
+function mergeHotfixEvidenceRecordInput(input) {
+    var e_3, _a;
+    var merged = __assign({}, cleanObject(input.evidence));
+    var directFields = [
+        'channel',
+        'status',
+        'target',
+        'targets',
+        'compiledArtifactPath',
+        'builtDistPath',
+        'remoteChecksumBefore',
+        'remoteChecksumAfter',
+        'remoteChecksum',
+        'remoteChecksums',
+        'restartEvidence',
+        'restartResults',
+        'healthCheckStatus',
+        'healthChecks',
+        'selfTestStatus',
+        'selfTests',
+        'releaseGateStatus',
+        's3UploadResult',
+        'cloudfrontInvalidationId',
+        'publicProof',
+        'configChangeEvidence',
+        'seedDataEvidence',
+        'cacheInvalidationEvidence',
+        'serviceRestartEvidence',
+        'releaseArtifactFingerprint',
+        'lastReleaseArtifactFingerprint',
+        'sourceCommitSha',
+        'githubCommitUrl',
+        'gitCommitStatus',
+        'gitPushStatus',
+        'committedAt',
+        'forceDeployReason',
+        'hotfixCannotResolveReason',
+        'fullDeployRequested',
+        'recordedAt'
+    ];
+    try {
+        for (var directFields_1 = __values(directFields), directFields_1_1 = directFields_1.next(); !directFields_1_1.done; directFields_1_1 = directFields_1.next()) {
+            var field = directFields_1_1.value;
+            var value = input[field];
+            if (value !== undefined && value !== null && value !== '') {
+                merged[field] = value;
+            }
+        }
+    }
+    catch (e_3_1) { e_3 = { error: e_3_1 }; }
+    finally {
+        try {
+            if (directFields_1_1 && !directFields_1_1.done && (_a = directFields_1.return)) _a.call(directFields_1);
+        }
+        finally { if (e_3) throw e_3.error; }
+    }
+    return merged;
+}
+function resolveHotfixEvidenceRequiredFields(channel) {
+    var fields = ['channel'];
+    if (hotfixRequiresGithubCommit(channel)) {
+        fields.push('sourceCommitSha', 'githubCommitUrl', 'gitCommitStatus', 'gitPushStatus');
+    }
+    if (channel === 'backend_js') {
+        fields.push('compiledArtifactPath', 'target.host', 'target.path', 'remoteChecksumAfter', 'restartEvidence', 'healthCheckStatus', 'selfTestStatus');
+    }
+    else if (channel === 'static_ui') {
+        fields.push('builtDistPath', 'target.bucket', 'target.distributionId', 's3UploadResult', 'cloudfrontInvalidationId', 'publicProof');
+    }
+    else if (channel === 'config') {
+        fields.push('target.configKey', 'configChangeEvidence', 'releaseGateStatus');
+    }
+    else if (channel === 'seed_data') {
+        fields.push('target.seedKey', 'seedDataEvidence', 'releaseGateStatus');
+    }
+    else if (channel === 'cache_invalidation') {
+        fields.push('target.cacheKey', 'cacheInvalidationEvidence', 'releaseGateStatus_or_healthCheckStatus');
+    }
+    else if (channel === 'service_restart') {
+        fields.push('target.processName', 'serviceRestartEvidence', 'healthCheckStatus', 'selfTestStatus');
+    }
+    else if (channel === 'release_artifact') {
+        fields.push('releaseArtifactFingerprint', 'releaseGateStatus');
+    }
+    else if (channel === 'new_artifact_deploy') {
+        fields.push('releaseArtifactFingerprint', 'lastReleaseArtifactFingerprint', 'releaseGateStatus');
+    }
+    else if (channel === 'artifact_build') {
+        fields.push('releaseArtifactFingerprint');
+    }
+    else if (channel === 'force_deploy_review') {
+        fields.push('forceDeployReason', 'hotfixCannotResolveReason');
+    }
+    return Array.from(new Set(fields));
+}
+function hotfixEvidenceFieldPresent(evidence, field) {
+    if (!evidence) {
+        return false;
+    }
+    var target = evidence.target || {};
+    switch (field) {
+        case 'channel':
+            return !!evidence.channel;
+        case 'sourceCommitSha':
+            return isFullGitCommitSha(evidence.sourceCommitSha || '');
+        case 'githubCommitUrl':
+            return !!extractGithubCommitSha(evidence.githubCommitUrl || '');
+        case 'gitCommitStatus':
+            return hotfixStatusPassed(evidence.gitCommitStatus);
+        case 'gitPushStatus':
+            return hotfixStatusPassed(evidence.gitPushStatus);
+        case 'compiledArtifactPath':
+            return !!cleanText(evidence.compiledArtifactPath, 500);
+        case 'builtDistPath':
+            return !!cleanText(evidence.builtDistPath, 500);
+        case 'remoteChecksumAfter':
+            return !!cleanText(evidence.remoteChecksumAfter || evidence.remoteChecksum, 160);
+        case 'restartEvidence':
+            return !!cleanText(evidence.restartEvidence || evidence.serviceRestartEvidence, 1000);
+        case 'serviceRestartEvidence':
+            return !!cleanText(evidence.serviceRestartEvidence || evidence.restartEvidence, 1000);
+        case 'healthCheckStatus':
+            return hotfixStatusPassed(evidence.healthCheckStatus);
+        case 'selfTestStatus':
+            return hotfixStatusPassed(evidence.selfTestStatus);
+        case 'releaseGateStatus':
+            return hotfixStatusPassed(evidence.releaseGateStatus);
+        case 'releaseGateStatus_or_healthCheckStatus':
+            return hotfixStatusPassed(evidence.releaseGateStatus) || hotfixStatusPassed(evidence.healthCheckStatus);
+        case 's3UploadResult':
+            return !!cleanText(evidence.s3UploadResult, 1000);
+        case 'cloudfrontInvalidationId':
+            return !!cleanText(evidence.cloudfrontInvalidationId, 240);
+        case 'publicProof':
+            return !!cleanText(evidence.publicProof, 1000);
+        case 'configChangeEvidence':
+            return !!cleanText(evidence.configChangeEvidence, 1000);
+        case 'seedDataEvidence':
+            return !!cleanText(evidence.seedDataEvidence, 1000);
+        case 'cacheInvalidationEvidence':
+            return !!cleanText(evidence.cacheInvalidationEvidence, 1000);
+        case 'releaseArtifactFingerprint':
+            return !!cleanText(evidence.releaseArtifactFingerprint, 240);
+        case 'lastReleaseArtifactFingerprint':
+            return !!cleanText(evidence.lastReleaseArtifactFingerprint, 240);
+        case 'forceDeployReason':
+            return !!cleanText(evidence.forceDeployReason, 1000);
+        case 'hotfixCannotResolveReason':
+            return !!cleanText(evidence.hotfixCannotResolveReason, 1000);
+        case 'target.host':
+            return !!cleanText(target.host, 200);
+        case 'target.path':
+            return !!cleanText(target.path, 500);
+        case 'target.bucket':
+            return !!cleanText(target.bucket, 200);
+        case 'target.distributionId':
+            return !!cleanText(target.distributionId, 200);
+        case 'target.configKey':
+            return !!cleanText(target.configKey, 200);
+        case 'target.seedKey':
+            return !!cleanText(target.seedKey, 200);
+        case 'target.cacheKey':
+            return !!cleanText(target.cacheKey, 200);
+        case 'target.processName':
+            return !!cleanText(target.processName, 200);
+        default:
+            return false;
+    }
+}
+function buildResolveIOAIManagerHotfixEvidenceRecord(input) {
+    var _a, _b;
+    if (input === void 0) { input = {}; }
+    var merged = mergeHotfixEvidenceRecordInput(input);
+    var normalized = normalizeResolveIOAIManagerHotfixEvidence(merged, input.policy);
+    var validation = validateResolveIOAIManagerHotfixEvidence(merged, { policy: input.policy });
+    var channel = validation.channel || (normalized === null || normalized === void 0 ? void 0 : normalized.channel) || ((_b = (_a = input.policy) === null || _a === void 0 ? void 0 : _a.hotfixPlan) === null || _b === void 0 ? void 0 : _b.recommendedChannel) || '';
+    var requiredFields = resolveHotfixEvidenceRequiredFields(channel);
+    var missingFields = requiredFields.filter(function (field) { return !hotfixEvidenceFieldPresent(normalized, field); });
+    var recordedAt = cleanDateString(input.now || (normalized === null || normalized === void 0 ? void 0 : normalized.recordedAt) || new Date());
+    var githubCommitGuard = validation.githubCommitGuard || evaluateResolveIOAIManagerHotfixGitProof(normalized || merged, channel);
+    var commitFirstProtocol = githubCommitGuard.required ? 'commit_first_hotfix' : 'not_required';
+    var commitFirstProtocolSatisfied = githubCommitGuard.required ? githubCommitGuard.passed === true : true;
+    var liveHotfixBlockedUntilCommit = githubCommitGuard.required === true && commitFirstProtocolSatisfied !== true;
+    var liveHotfixAllowed = validation.valid === true && validation.hotfixSatisfied === true && commitFirstProtocolSatisfied === true;
+    var readyForContinuation = validation.valid === true && validation.hotfixSatisfied === true && hotfixStatusPassed(normalized === null || normalized === void 0 ? void 0 : normalized.releaseGateStatus);
+    return {
+        recordId: cleanText(input.recordId, 160) || "hotfix-".concat(fingerprintResolveIOAIManagerBlocker("".concat(channel, ":").concat(githubCommitGuard.sourceCommitSha, ":").concat(recordedAt))),
+        recordedAt: recordedAt,
+        recordedBy: cleanText(input.recordedBy || 'manager', 160),
+        source: cleanText(input.source || 'unknown', 80),
+        reason: cleanText(input.reason, 1000),
+        channel: channel,
+        status: validation.status,
+        nextAction: validation.nextAction,
+        valid: validation.valid,
+        hotfixSatisfied: validation.hotfixSatisfied,
+        fullDeployAllowed: validation.fullDeployAllowed,
+        fullDeployBlocked: validation.fullDeployBlocked,
+        requiredFields: requiredFields,
+        missingFields: missingFields,
+        evidence: normalized,
+        validation: validation,
+        sourceCommitSha: githubCommitGuard.sourceCommitSha,
+        githubCommitUrl: githubCommitGuard.githubCommitUrl,
+        gitCommitStatus: githubCommitGuard.gitCommitStatus,
+        gitPushStatus: githubCommitGuard.gitPushStatus,
+        githubCommitRequired: githubCommitGuard.required,
+        githubCommitProofPassed: githubCommitGuard.passed,
+        commitProofStatus: githubCommitGuard.status,
+        commitFirstProtocol: commitFirstProtocol,
+        commit_first_protocol: commitFirstProtocol,
+        commitFirstProtocolSatisfied: commitFirstProtocolSatisfied,
+        commit_first_protocol_satisfied: commitFirstProtocolSatisfied,
+        liveHotfixBlockedUntilCommit: liveHotfixBlockedUntilCommit,
+        live_hotfix_blocked_until_commit: liveHotfixBlockedUntilCommit,
+        liveHotfixAllowed: liveHotfixAllowed,
+        live_hotfix_allowed: liveHotfixAllowed,
+        managerMustCommitBeforeHotfix: githubCommitGuard.managerMustCommitBeforeHotfix,
+        githubCommitGuard: githubCommitGuard,
+        readyForReleaseGate: validation.valid === true && validation.nextAction === 'rerun_release_gate',
+        readyForContinuation: readyForContinuation,
+        managerContinuationAllowed: readyForContinuation,
+        manager_continuation_allowed: readyForContinuation
+    };
+}
+function pickFirstHotfixText(sources, keys, max, seen) {
+    var e_4, _a, e_5, _b, e_6, _c;
+    if (max === void 0) { max = 500; }
+    if (seen === void 0) { seen = new WeakSet(); }
+    try {
+        for (var sources_1 = __values(sources), sources_1_1 = sources_1.next(); !sources_1_1.done; sources_1_1 = sources_1.next()) {
+            var source = sources_1_1.value;
+            var record = cleanObject(source);
+            if (!Object.keys(record).length || seen.has(record)) {
+                continue;
+            }
+            seen.add(record);
+            try {
+                for (var keys_1 = (e_5 = void 0, __values(keys)), keys_1_1 = keys_1.next(); !keys_1_1.done; keys_1_1 = keys_1.next()) {
+                    var key = keys_1_1.value;
+                    var value = cleanText(record[key], max);
+                    if (value) {
+                        return value;
+                    }
+                }
+            }
+            catch (e_5_1) { e_5 = { error: e_5_1 }; }
+            finally {
+                try {
+                    if (keys_1_1 && !keys_1_1.done && (_b = keys_1.return)) _b.call(keys_1);
+                }
+                finally { if (e_5) throw e_5.error; }
+            }
+            try {
+                for (var _d = (e_6 = void 0, __values(['evidence', 'hotfixEvidence', 'hotfix_evidence', 'hotfixCommitProof', 'hotfix_commit_proof', 'hotfixCommitGuard', 'hotfix_commit_guard', 'githubCommitGuard', 'github_commit_guard'])), _e = _d.next(); !_e.done; _e = _d.next()) {
+                    var nestedKey = _e.value;
+                    var nestedValue = pickFirstHotfixText([record[nestedKey]], keys, max, seen);
+                    if (nestedValue) {
+                        return nestedValue;
+                    }
+                }
+            }
+            catch (e_6_1) { e_6 = { error: e_6_1 }; }
+            finally {
+                try {
+                    if (_e && !_e.done && (_c = _d.return)) _c.call(_d);
+                }
+                finally { if (e_6) throw e_6.error; }
+            }
+        }
+    }
+    catch (e_4_1) { e_4 = { error: e_4_1 }; }
+    finally {
+        try {
+            if (sources_1_1 && !sources_1_1.done && (_a = sources_1.return)) _a.call(sources_1);
+        }
+        finally { if (e_4) throw e_4.error; }
+    }
+    return '';
+}
+function hotfixDurabilityExtraRequest(contract) {
+    if (!contract.required) {
+        return '';
+    }
+    return [
+        'Manager hotfix durability contract:',
+        "- Contract id: ".concat(contract.contractId),
+        "- Live backend hotfix blocked until commit proof: ".concat(contract.liveHotfixBlockedUntilCommit ? 'yes' : 'no'),
+        "- GitHub commit proof passed: ".concat(contract.commitProofPassed ? 'yes' : 'no'),
+        contract.missingCommitProofFields.length ? "- Missing commit proof fields: ".concat(contract.missingCommitProofFields.join(', ')) : '',
+        contract.phaseOrder.length ? "- Required phase order: ".concat(contract.phaseOrder.join(' -> ')) : '',
+        contract.requiredFields.length ? "- Required evidence fields: ".concat(contract.requiredFields.join(', ')) : '',
+        contract.successCriteria.length ? "- Success criteria: ".concat(contract.successCriteria.join(' | ')) : '',
+        contract.forbiddenActions.length ? "- Forbidden actions: ".concat(contract.forbiddenActions.join(' | ')) : '',
+        '- Prepare the hotfix patch and GitHub commit proof before any live backend apply/restart.',
+        '- After commit proof exists, apply the backend hotfix only through the existing hotfix path, record restart/checksum evidence, run the runner-manager self-test, and rerun the smallest release gate.'
+    ].filter(Boolean).join('\n').slice(0, 3600);
+}
+function buildResolveIOAIManagerHotfixDurabilityContract(input) {
+    var _a, _b, _c, _d, _e;
+    if (input === void 0) { input = {}; }
+    var existing = cleanObject(input.existing);
+    var evidence = Object.keys(cleanObject(input.evidence)).length ? input.evidence : existing.evidence || existing.hotfixEvidence || existing.hotfix_evidence || existing;
+    var validation = validateResolveIOAIManagerHotfixEvidence(evidence, { policy: input.policy });
+    var continuation = input.continuation || undefined;
+    var githubCommitGuard = validation.githubCommitGuard || evaluateResolveIOAIManagerHotfixGitProof(evidence, validation.channel);
+    var sources = [evidence, existing, continuation, continuation === null || continuation === void 0 ? void 0 : continuation.githubCommitGuard, continuation === null || continuation === void 0 ? void 0 : continuation.github_commit_guard, githubCommitGuard];
+    var action = cleanText(input.action || existing.action || existing.dispatchAction || existing.dispatch_action || 'run_release_repair', 160);
+    var actionRequiresHotfix = /release_repair|hotfix|apply.*backend|deploy|publish/i.test(action);
+    var required = existing.required === true
+        || actionRequiresHotfix
+        || githubCommitGuard.required === true
+        || ((_a = validation.githubCommitGuard) === null || _a === void 0 ? void 0 : _a.required) === true
+        || ((_b = continuation === null || continuation === void 0 ? void 0 : continuation.githubCommitGuard) === null || _b === void 0 ? void 0 : _b.required) === true
+        || ((_c = continuation === null || continuation === void 0 ? void 0 : continuation.github_commit_guard) === null || _c === void 0 ? void 0 : _c.required) === true
+        || ((_d = input.policy) === null || _d === void 0 ? void 0 : _d.hotfixPreferred) === true;
+    var sourceCommitSha = githubCommitGuard.sourceCommitSha || pickFirstHotfixText(sources, ['sourceCommitSha', 'source_commit_sha', 'commitSha', 'commit_sha'], 120);
+    var githubCommitUrl = githubCommitGuard.githubCommitUrl || pickFirstHotfixText(sources, ['githubCommitUrl', 'github_commit_url', 'commitUrl', 'commit_url'], 500);
+    var gitCommitStatus = githubCommitGuard.gitCommitStatus || pickFirstHotfixText(sources, ['gitCommitStatus', 'git_commit_status', 'commitStatus', 'commit_status'], 160);
+    var gitPushStatus = githubCommitGuard.gitPushStatus || pickFirstHotfixText(sources, ['gitPushStatus', 'git_push_status', 'pushStatus', 'push_status'], 160);
+    var commitPassed = hotfixStatusPassed(gitCommitStatus);
+    var pushPassed = hotfixStatusPassed(gitPushStatus);
+    var sourceShaPassed = isFullGitCommitSha(sourceCommitSha);
+    var githubUrlSha = extractGithubCommitSha(githubCommitUrl);
+    var githubUrlPassed = !!githubUrlSha && (!sourceShaPassed || githubUrlSha === sourceCommitSha.toLowerCase());
+    var existingMissingCommitFields = cleanList(existing.missingCommitProofFields || existing.missing_commit_proof_fields, 20, 160);
+    var commitFirstProtocolRequired = githubCommitGuard.required === true
+        || existing.durabilityProtocol === 'commit_first_hotfix'
+        || existing.durability_protocol === 'commit_first_hotfix'
+        || existing.commitFirstProtocolRequired === true
+        || existing.commit_first_protocol_required === true
+        || existingMissingCommitFields.some(function (field) { return /sourceCommitSha|githubCommitUrl|gitCommitStatus|gitPushStatus/i.test(field); });
+    var durabilityProtocol = commitFirstProtocolRequired ? 'commit_first_hotfix' : 'not_required';
+    var missingCommitProofFields = [
+        sourceShaPassed ? '' : 'sourceCommitSha',
+        githubUrlPassed ? '' : 'githubCommitUrl',
+        commitPassed ? '' : 'gitCommitStatus=passed',
+        pushPassed ? '' : 'gitPushStatus=passed'
+    ].filter(Boolean);
+    var commitProofPassed = required ? missingCommitProofFields.length === 0 : githubCommitGuard.passed === true;
+    var commitFirstProtocolSatisfied = commitFirstProtocolRequired ? commitProofPassed === true : true;
+    var liveHotfixBlockedUntilCommit = required && commitProofPassed !== true;
+    var releaseGatePassed = input.releaseGatePassed === true
+        || hotfixStatusPassed((_e = validation.normalized) === null || _e === void 0 ? void 0 : _e.releaseGateStatus)
+        || (continuation === null || continuation === void 0 ? void 0 : continuation.canContinueRun) === true;
+    var canPrepareHotfixPatch = required && (existing.canPrepareHotfixPatch === true || existing.can_prepare_hotfix_patch === true || actionRequiresHotfix || (continuation === null || continuation === void 0 ? void 0 : continuation.action) === 'record_hotfix_evidence');
+    var canHotfixBackend = required && commitProofPassed === true && canPrepareHotfixPatch === true;
+    var liveHotfixAllowed = required && commitFirstProtocolSatisfied === true && canPrepareHotfixPatch === true;
+    var managerContinuationAllowed = required
+        ? commitFirstProtocolSatisfied === true && validation.valid === true && releaseGatePassed === true
+        : true;
+    var status = 'not_required';
+    if (required && liveHotfixBlockedUntilCommit) {
+        status = 'waiting_for_commit_proof';
+    }
+    else if (required && validation.valid && releaseGatePassed) {
+        status = 'ready_for_continuation';
+    }
+    else if (required && validation.valid) {
+        status = 'ready_for_release_gate';
+    }
+    else if (required) {
+        status = 'ready_for_live_hotfix';
+    }
+    var phaseOrder = Array.from(new Set(cleanList(existing.phaseOrder || existing.phase_order, 12, 200).concat([
+        'prepare_hotfix_patch_without_live_apply',
+        'commit_and_push_hotfix_to_github',
+        'record_hotfix_evidence',
+        'apply_backend_hotfix_only_after_commit_proof',
+        'run_runner_manager_self_test',
+        'rerun_smallest_release_gate'
+    ]))).slice(0, 12);
+    var requiredFields = Array.from(new Set(cleanList(existing.requiredFields || existing.required_fields, 20, 200).concat([
+        'sourceCommitSha',
+        'githubCommitUrl',
+        'gitCommitStatus=passed',
+        'gitPushStatus=passed',
+        'hotfixPatchDiff',
+        'restartOrChecksumEvidence',
+        'releaseGateResult'
+    ]))).slice(0, 20);
+    var requiredEvidence = Array.from(new Set(cleanList(existing.requiredEvidence || existing.required_evidence, 24, 300).concat(requiredFields, validation.requiredEvidence || []))).slice(0, 24);
+    var successCriteria = Array.from(new Set(cleanList(existing.successCriteria || existing.success_criteria, 14, 300).concat([
+        'Hotfix patch exists without live apply side effects.',
+        'GitHub commit and push proof are recorded before live hotfix.',
+        'Backend restart/checksum evidence and runner-manager self-test pass.',
+        'Only the smallest relevant release gate is rerun after hotfix evidence.'
+    ]))).slice(0, 14);
+    var forbiddenActions = Array.from(new Set(cleanList(existing.forbiddenActions || existing.forbidden_actions, 14, 500).concat([
+        'Do not apply or restart a live backend before sourceCommitSha, githubCommitUrl, passed gitCommitStatus, and passed gitPushStatus are recorded.',
+        'Do not run a full server deploy as a substitute for a targeted backend hotfix.',
+        'Do not continue the ticket from route-only or release-status-only evidence.'
+    ]))).slice(0, 14);
+    var now = cleanDateString(input.now || new Date());
+    var createdAt = cleanDateString(existing.createdAt || existing.created_at || now);
+    var reason = cleanText(input.reason || existing.reason || (continuation === null || continuation === void 0 ? void 0 : continuation.reason) || validation.blockers.join('; '), 1000);
+    var contractId = cleanText(existing.contractId || existing.contract_id, 160)
+        || "hotfix-durability-".concat(fingerprintResolveIOAIManagerBlocker([
+            action,
+            reason,
+            phaseOrder.join('|'),
+            createdAt.slice(0, 16)
+        ].join('\n')).slice(0, 16));
+    var nextSafeAction = !required
+        ? 'continue'
+        : liveHotfixBlockedUntilCommit
+            ? 'commit_and_push_hotfix_to_github'
+            : validation.valid
+                ? (releaseGatePassed ? 'continue_current_runner' : 'rerun_smallest_release_gate')
+                : 'apply_backend_hotfix_only_after_commit_proof';
+    var hotfixCommitGuard = {
+        required: required,
+        blocks_live_hotfix: liveHotfixBlockedUntilCommit,
+        passed: commitProofPassed,
+        status: commitProofPassed ? 'passed' : 'missing',
+        sourceCommitSha: sourceCommitSha,
+        githubCommitUrl: githubCommitUrl,
+        gitCommitStatus: gitCommitStatus,
+        gitPushStatus: gitPushStatus,
+        missingFields: missingCommitProofFields,
+        required_fields: ['sourceCommitSha', 'githubCommitUrl', 'gitCommitStatus=passed', 'gitPushStatus=passed'],
+        next_action: liveHotfixBlockedUntilCommit ? 'commit_and_push_hotfix_to_github' : 'record_hotfix_evidence'
+    };
+    var contract = {
+        contractId: contractId,
+        contract_id: contractId,
+        createdAt: createdAt,
+        created_at: createdAt,
+        updatedAt: now,
+        updated_at: now,
+        source: cleanText(input.source || existing.source || 'ai_manager_hotfix_durability', 160),
+        required: required,
+        action: action,
+        status: status,
+        reason: reason,
+        canPrepareHotfixPatch: canPrepareHotfixPatch,
+        can_prepare_hotfix_patch: canPrepareHotfixPatch,
+        canHotfixBackend: canHotfixBackend,
+        can_hotfix_backend: canHotfixBackend,
+        liveHotfixBlockedUntilCommit: liveHotfixBlockedUntilCommit,
+        live_hotfix_blocked_until_commit: liveHotfixBlockedUntilCommit,
+        durabilityProtocol: durabilityProtocol,
+        durability_protocol: durabilityProtocol,
+        commitFirstProtocolRequired: commitFirstProtocolRequired,
+        commit_first_protocol_required: commitFirstProtocolRequired,
+        commitFirstProtocolSatisfied: commitFirstProtocolSatisfied,
+        commit_first_protocol_satisfied: commitFirstProtocolSatisfied,
+        liveHotfixAllowed: liveHotfixAllowed,
+        live_hotfix_allowed: liveHotfixAllowed,
+        managerContinuationAllowed: managerContinuationAllowed,
+        manager_continuation_allowed: managerContinuationAllowed,
+        commitProofPassed: commitProofPassed,
+        commit_proof_passed: commitProofPassed,
+        commitProofStatus: commitProofPassed ? 'passed' : 'missing',
+        commit_proof_status: commitProofPassed ? 'passed' : 'missing',
+        sourceCommitSha: sourceCommitSha,
+        source_commit_sha: sourceCommitSha,
+        githubCommitUrl: githubCommitUrl,
+        github_commit_url: githubCommitUrl,
+        gitCommitStatus: gitCommitStatus,
+        git_commit_status: gitCommitStatus,
+        gitPushStatus: gitPushStatus,
+        git_push_status: gitPushStatus,
+        missingCommitProofFields: missingCommitProofFields,
+        missing_commit_proof_fields: missingCommitProofFields,
+        nextSafeAction: nextSafeAction,
+        next_safe_action: nextSafeAction,
+        phaseOrder: phaseOrder,
+        phase_order: phaseOrder,
+        requiredFields: requiredFields,
+        required_fields: requiredFields,
+        requiredEvidence: requiredEvidence,
+        required_evidence: requiredEvidence,
+        successCriteria: successCriteria,
+        success_criteria: successCriteria,
+        forbiddenActions: forbiddenActions,
+        forbidden_actions: forbiddenActions,
+        hotfixCommitGuard: hotfixCommitGuard,
+        hotfix_commit_guard: hotfixCommitGuard,
+        githubCommitGuard: __assign(__assign({}, githubCommitGuard), { required: required, passed: commitProofPassed, status: commitProofPassed ? 'passed' : (required ? 'missing' : githubCommitGuard.status), managerMustCommitBeforeHotfix: liveHotfixBlockedUntilCommit, sourceCommitSha: sourceCommitSha, githubCommitUrl: githubCommitUrl, gitCommitStatus: gitCommitStatus, gitPushStatus: gitPushStatus }),
+        github_commit_guard: __assign(__assign({}, githubCommitGuard), { required: required, passed: commitProofPassed, status: commitProofPassed ? 'passed' : (required ? 'missing' : githubCommitGuard.status), managerMustCommitBeforeHotfix: liveHotfixBlockedUntilCommit, sourceCommitSha: sourceCommitSha, githubCommitUrl: githubCommitUrl, gitCommitStatus: gitCommitStatus, gitPushStatus: gitPushStatus }),
+        validation: validation,
+        continuation: continuation,
+        extraRequest: '',
+        extra_request: ''
+    };
+    contract.extraRequest = hotfixDurabilityExtraRequest(contract);
+    contract.extra_request = contract.extraRequest;
+    return contract;
+}
+function decideResolveIOAIManagerHotfixContinuation(input) {
+    var e_7, _a;
+    var _b, _c;
+    if (input === void 0) { input = {}; }
+    var validation = validateResolveIOAIManagerHotfixEvidence(input.evidence, { policy: input.policy });
+    var failureClass = cleanText(input.failureClass, 120) || 'release';
+    var blockerText = cleanText(input.blocker || validation.blockers.join('; ') || ((_b = validation.normalized) === null || _b === void 0 ? void 0 : _b.hotfixCannotResolveReason), 1000);
+    var blockerFingerprint = fingerprintResolveIOAIManagerBlocker(blockerText || "".concat(validation.channel, ":").concat(validation.status, ":").concat(validation.nextAction));
+    var baseBlockers = __spreadArray([], __read(validation.blockers), false);
+    var githubCommitGuard = validation.githubCommitGuard || evaluateResolveIOAIManagerHotfixGitProof(input.evidence, validation.channel);
+    var needsGithubCommitProof = githubCommitGuard.managerMustCommitBeforeHotfix
+        || validation.blockers.some(function (blocker) { return /sourceCommitSha|githubCommitUrl|gitPushStatus|gitCommitStatus|GitHub commit|pushed/i.test(blocker); });
+    var repeatedFailure = input.repeatedFailure === true;
+    var releaseGatePassed = input.releaseGatePassed === true
+        || hotfixStatusPassed((_c = validation.normalized) === null || _c === void 0 ? void 0 : _c.releaseGateStatus);
+    var action = validation.nextAction;
+    var canContinueRun = false;
+    var canRunFullDeploy = validation.fullDeployAllowed;
+    var shouldRerunReleaseGate = false;
+    var shouldPark = false;
+    var reason = '';
+    var nextCommands = [];
+    if (githubCommitGuard.managerMustCommitBeforeHotfix) {
+        action = 'record_hotfix_evidence';
+        reason = githubCommitGuard.blockers.length
+            ? "Manager hotfix cannot continue until the hotfix is committed and pushed: ".concat(githubCommitGuard.blockers.join('; '))
+            : 'Manager hotfix cannot continue until sourceCommitSha, githubCommitUrl, passed gitCommitStatus, and passed gitPushStatus prove the hotfix is committed and pushed to GitHub.';
+        nextCommands.push.apply(nextCommands, __spreadArray(__spreadArray([], __read(githubCommitGuard.nextCommands), false), ['rerun_hotfix_evidence_validator'], false));
+        try {
+            for (var _d = __values(githubCommitGuard.blockers), _e = _d.next(); !_e.done; _e = _d.next()) {
+                var blocker = _e.value;
+                if (!baseBlockers.includes(blocker)) {
+                    baseBlockers.push(blocker);
+                }
+            }
+        }
+        catch (e_7_1) { e_7 = { error: e_7_1 }; }
+        finally {
+            try {
+                if (_e && !_e.done && (_a = _d.return)) _a.call(_d);
+            }
+            finally { if (e_7) throw e_7.error; }
+        }
+    }
+    else if (!validation.valid || validation.status === 'missing' || validation.status === 'incomplete') {
+        action = validation.nextAction === 'request_force_deploy_reason'
+            ? 'request_force_deploy_reason'
+            : 'record_hotfix_evidence';
+        reason = validation.blockers.length
+            ? "Hotfix evidence is not complete: ".concat(validation.blockers.join('; '))
+            : 'Hotfix evidence is missing; record the hotfix target, checksum, restart, health, and self-test proof before continuing.';
+        if (needsGithubCommitProof) {
+            nextCommands.push('commit_and_push_hotfix_to_github', 'verify_github_commit_url_and_push_status');
+        }
+        nextCommands.push('record_hotfix_evidence', 'rerun_hotfix_evidence_validator');
+    }
+    else if (validation.fullDeployAllowed) {
+        action = 'allow_one_full_deploy';
+        canRunFullDeploy = true;
+        reason = 'Hotfix evidence proves the duplicate release cannot be resolved by a hotfix, or a new artifact was verified, so exactly one full deploy can proceed.';
+        nextCommands.push('run_release_gate_once', 'execute_one_full_deploy_with_force_evidence', 'record_deploy_result');
+    }
+    else if (repeatedFailure) {
+        action = 'park_manual';
+        shouldPark = true;
+        reason = 'The same release failure repeated after valid hotfix evidence; park for manual review instead of looping or redeploying blindly.';
+        nextCommands.push('park_manual_with_hotfix_evidence', 'attach_release_gate_logs');
+    }
+    else if (validation.hotfixSatisfied && releaseGatePassed) {
+        action = 'continue_runner';
+        canContinueRun = true;
+        reason = 'Hotfix evidence and the release gate both passed; continue the current runner without a full deploy.';
+        nextCommands.push('continue_current_runner', 'record_hotfix_continuation');
+    }
+    else if (validation.hotfixSatisfied) {
+        action = 'rerun_release_gate';
+        shouldRerunReleaseGate = true;
+        reason = 'Hotfix evidence passed; rerun the smallest release gate before continuing the runner.';
+        nextCommands.push('rerun_release_gate_once', 'record_release_gate_status');
+    }
+    else {
+        action = 'park_manual';
+        shouldPark = true;
+        reason = 'Hotfix evidence reached an unsupported state; park instead of starting another broad deploy or model loop.';
+        baseBlockers.push('Unsupported hotfix continuation state.');
+        nextCommands.push('park_manual_with_hotfix_evidence');
+    }
+    return {
+        action: action,
+        canContinueRun: canContinueRun,
+        canRunFullDeploy: canRunFullDeploy,
+        shouldRerunReleaseGate: shouldRerunReleaseGate,
+        shouldPark: shouldPark,
+        reason: reason,
+        blockers: baseBlockers,
+        warnings: validation.warnings,
+        requiredEvidence: validation.requiredEvidence,
+        successEvidence: validation.successEvidence,
+        nextCommands: Array.from(new Set(nextCommands)),
+        failureClass: failureClass,
+        blockerFingerprint: blockerFingerprint,
+        githubCommitGuard: githubCommitGuard,
+        validation: validation,
+        recordedAt: isoNow(input.now)
+    };
+}
+function decideResolveIOAIManagerHotfixCommitGuard(input) {
+    if (input === void 0) { input = {}; }
+    var normalized = normalizeResolveIOAIManagerHotfixEvidence(input.evidence, input.policy);
+    var validation = validateResolveIOAIManagerHotfixEvidence(input.evidence, { policy: input.policy });
+    var githubCommitGuard = validation.githubCommitGuard || evaluateResolveIOAIManagerHotfixGitProof(input.evidence, validation.channel);
+    var active = !!normalized || githubCommitGuard.required === true;
+    var hotfixCommitBlockers = validation.blockers.filter(function (blocker) { return /sourceCommitSha|githubCommitUrl|gitPushStatus|gitCommitStatus|GitHub commit|pushed/i.test(blocker); });
+    var blockers = Array.from(new Set(__spreadArray(__spreadArray([], __read((githubCommitGuard.blockers || [])), false), __read(hotfixCommitBlockers), false)));
+    var blocked = active && (githubCommitGuard.managerMustCommitBeforeHotfix === true
+        || (githubCommitGuard.required === true && githubCommitGuard.passed !== true)
+        || hotfixCommitBlockers.length > 0);
+    var nextCommands = blocked
+        ? Array.from(new Set(__spreadArray(__spreadArray([], __read((githubCommitGuard.nextCommands || [])), false), [
+            'commit_and_push_hotfix_to_github',
+            'verify_github_commit_url_and_push_status',
+            'record_hotfix_evidence'
+        ], false)))
+        : [];
+    return {
+        active: active,
+        blocked: blocked,
+        reason: blocked
+            ? (blockers.length
+                ? "Hotfix continuation is blocked until GitHub commit proof is recorded: ".concat(blockers.join('; '))
+                : 'Hotfix continuation is blocked until sourceCommitSha, githubCommitUrl, passed gitCommitStatus, and passed gitPushStatus prove the hotfix is committed and pushed to GitHub.')
+            : (active ? 'Hotfix GitHub commit proof is recorded.' : 'No hotfix commit guard is active.'),
+        nextAction: blocked ? 'record_hotfix_evidence' : 'continue',
+        channel: validation.channel || githubCommitGuard.channel || '',
+        blockers: blockers,
+        nextCommands: nextCommands,
+        requiredEvidence: githubCommitGuard.requiredEvidence,
+        githubCommitGuard: githubCommitGuard,
+        validation: validation
+    };
+}
+function releaseStatusIsBlocked(value) {
+    return /fail|error|blocked|missing|empty|not ready|not_ready|denied|invalid|timeout|stale/i.test(value);
+}
+function releaseStatusIsTerminalDeploy(value) {
+    return /requested|queued|in.?progress|completed|complete|success|succeeded|pass|passed|published|deployed|failed|error|blocked/i.test(value);
+}
+function buildReleaseAllowedActions(action) {
+    if (action === 'wait_for_active_deploy') {
+        return ['wait_for_current_deploy_result', 'collect_current_deploy_log', 'refresh_release_snapshot'];
+    }
+    if (action === 'block_duplicate_deploy') {
+        return ['collect_existing_deploy_evidence', 'hotfix_release_artifact', 'request_force_deploy_with_reason'];
+    }
+    if (action === 'block_duplicate_publish') {
+        return ['collect_existing_publish_evidence', 'hotfix_release_artifact', 'request_force_publish_with_reason'];
+    }
+    if (action === 'review_force_deploy') {
+        return ['verify_force_deploy_reason', 'rerun_failed_release_gate_once', 'record_force_deploy_evidence'];
+    }
+    if (action === 'deploy_new_artifact_after_release_gate') {
+        return ['verify_new_artifact_fingerprint', 'run_release_gate_once', 'record_publish_deploy_evidence'];
+    }
+    if (action === 'build_artifact_first') {
+        return ['build_missing_release_artifact', 'record_artifact_fingerprint', 'run_release_gate_once'];
+    }
+    return ['hotfix_live_runner_or_release_artifact', 'rerun_failed_release_gate_only', 'record_release_evidence'];
+}
+function hotfixStep(id, label, channel, options) {
+    if (options === void 0) { options = {}; }
+    return {
+        id: id,
+        label: label,
+        channel: channel,
+        safeToAutoRun: options.safeToAutoRun === true,
+        requiresFullDeploy: options.requiresFullDeploy === true,
+        requiredEvidence: options.requiredEvidence || [],
+        successEvidence: options.successEvidence || [],
+        blockedBy: options.blockedBy || []
+    };
+}
+function buildHotfixFirstReleasePlan(input) {
+    var surface = cleanText(input.surface || 'runner', 80)
+        .toLowerCase()
+        .replace(/[^a-z0-9]+/g, '_')
+        .replace(/^_+|_+$/g, '') || 'runner';
+    var commonAcceptance = [
+        'failed release gate is rerun once and passes',
+        'artifact fingerprint or hotfix evidence is recorded',
+        'operator console shows no active duplicate deploy blocker'
+    ];
+    if (input.action === 'wait_for_active_deploy') {
+        return {
+            planId: "".concat(surface, ":wait_for_active_deploy"),
+            label: 'Wait For Active Deploy',
+            recommendedChannel: 'release_artifact',
+            reason: input.reason,
+            fullDeployAvoided: true,
+            steps: [
+                hotfixStep('collect_active_deploy_log', 'Collect active deploy log', 'release_artifact', {
+                    safeToAutoRun: true,
+                    requiredEvidence: ['active deploy id or release operation id'],
+                    successEvidence: ['terminal deploy status and release log captured']
+                })
+            ],
+            acceptanceEvidence: commonAcceptance,
+            escalationTriggers: ['active deploy exceeds timeout', 'active deploy fails without a release log']
+        };
+    }
+    if (input.action === 'deploy_new_artifact_after_release_gate') {
+        return {
+            planId: "".concat(surface, ":deploy_new_artifact_after_release_gate"),
+            label: 'Deploy New Artifact After Release Gate',
+            recommendedChannel: 'new_artifact_deploy',
+            reason: input.reason,
+            fullDeployAvoided: false,
+            steps: [
+                hotfixStep('verify_new_artifact_fingerprint', 'Verify new artifact fingerprint', 'new_artifact_deploy', {
+                    safeToAutoRun: true,
+                    requiresFullDeploy: true,
+                    requiredEvidence: ['current artifact fingerprint differs from last deployed fingerprint'],
+                    successEvidence: ['release gate permits one full deploy']
+                })
+            ],
+            acceptanceEvidence: [
+                'new artifact fingerprint recorded',
+                'release gate passed before full deploy',
+                'deploy/publish result recorded'
+            ],
+            escalationTriggers: ['artifact fingerprint matches last deploy', 'release gate fails']
+        };
+    }
+    if (input.action === 'build_artifact_first') {
+        return {
+            planId: "".concat(surface, ":build_artifact_first"),
+            label: 'Build Artifact First',
+            recommendedChannel: 'artifact_build',
+            reason: input.reason,
+            fullDeployAvoided: true,
+            steps: [
+                hotfixStep('build_once_record_fingerprint', 'Build once and record fingerprint', 'artifact_build', {
+                    safeToAutoRun: false,
+                    requiredEvidence: ['missing artifact fingerprint', 'release gate reason for building'],
+                    successEvidence: ['artifact fingerprint recorded before any deploy']
+                })
+            ],
+            acceptanceEvidence: ['artifact fingerprint exists', 'no deploy queued before release gate'],
+            escalationTriggers: ['build repeats without a new fingerprint', 'build failure lacks compile log']
+        };
+    }
+    if (input.action === 'review_force_deploy') {
+        return {
+            planId: "".concat(surface, ":review_force_deploy"),
+            label: 'Review Force Deploy',
+            recommendedChannel: 'force_deploy_review',
+            reason: input.reason,
+            fullDeployAvoided: false,
+            steps: [
+                hotfixStep('verify_force_deploy_reason', 'Verify force deploy reason', 'force_deploy_review', {
+                    requiredEvidence: ['explicit force_deploy reason', 'why hotfix cannot resolve the release blocker'],
+                    successEvidence: ['one allowed deploy attempt is recorded with reason']
+                })
+            ],
+            acceptanceEvidence: ['force deploy evidence recorded', 'duplicate fingerprint exception is auditable'],
+            escalationTriggers: ['force deploy reason is empty', 'same force deploy fails twice']
+        };
+    }
+    return {
+        planId: "".concat(surface, ":").concat(input.action),
+        label: input.action === 'block_duplicate_deploy'
+            ? 'Hotfix Or Force Deploy'
+            : input.action === 'block_duplicate_publish'
+                ? 'Hotfix Or Force Publish'
+                : 'Hotfix Release Artifact',
+        recommendedChannel: input.action === 'block_duplicate_publish'
+            ? 'release_artifact'
+            : input.releaseBlocked ? 'release_artifact' : 'static_ui',
+        reason: input.reason,
+        fullDeployAvoided: true,
+        steps: [
+            hotfixStep('static_ui_hotfix', 'Static UI hotfix', 'static_ui', {
+                safeToAutoRun: true,
+                requiredEvidence: ['sourceCommitSha, githubCommitUrl, passed gitCommitStatus, and passed gitPushStatus', 'built dist path', 'target S3 bucket and CloudFront distribution', 'changed frontend bundle or asset list'],
+                successEvidence: ['GitHub commit and push proof', 'S3 upload result', 'CloudFront invalidation id', 'public bundle contains expected hotfix marker']
+            }),
+            hotfixStep('backend_js_hotfix', 'Backend JS hotfix', 'backend_js', {
+                requiredEvidence: ['sourceCommitSha, githubCommitUrl, passed gitCommitStatus, and passed gitPushStatus', 'compiled JS artifact path', 'target backend host', 'diff limited to runner/operator code'],
+                successEvidence: ['GitHub commit and push proof', 'remote file checksum', 'service restart or process reload evidence', 'self-test passes']
+            }),
+            hotfixStep('config_seed_cache_restart', 'Config, seed, cache, or restart repair', 'config', {
+                safeToAutoRun: true,
+                requiredEvidence: ['sourceCommitSha, githubCommitUrl, passed gitCommitStatus, and passed gitPushStatus', 'exact config/seed/cache key or process name', 'why no product artifact changed'],
+                successEvidence: ['GitHub commit and push proof', 'release gate rerun result', 'operator console release snapshot refreshed']
+            })
+        ],
+        acceptanceEvidence: commonAcceptance,
+        escalationTriggers: [
+            'hotfix changes customer-facing product code outside the release artifact',
+            'same release gate fails twice after hotfix evidence',
+            'same publish fingerprint is retried without force_publish evidence',
+            'force deploy is requested without a reason'
+        ]
+    };
+}
+function buildResolveIOAIManagerHotfixFirstReleasePolicy(input) {
+    if (input === void 0) { input = {}; }
+    var surface = cleanText(input.surface || 'runner', 120);
+    var deployStatus = cleanText(input.deployStatus, 160);
+    var publishStatus = cleanText(input.publishStatus, 160);
+    var sampleDataStatus = cleanText(input.sampleDataStatus, 160);
+    var deployFingerprint = cleanText(input.deployFingerprint, 240);
+    var lastDeployFingerprint = cleanText(input.lastDeployFingerprint, 240);
+    var publishFingerprint = cleanText(input.publishFingerprint, 240);
+    var lastPublishFingerprint = cleanText(input.lastPublishFingerprint, 240);
+    var fingerprintMatchesLast = !!deployFingerprint && !!lastDeployFingerprint && deployFingerprint === lastDeployFingerprint;
+    var publishFingerprintMatchesLast = !!publishFingerprint && !!lastPublishFingerprint && publishFingerprint === lastPublishFingerprint;
+    var releaseBlocked = [deployStatus, publishStatus, sampleDataStatus].some(releaseStatusIsBlocked);
+    var duplicateDeployBlocked = fingerprintMatchesLast
+        && input.forceDeploy !== true
+        && releaseStatusIsTerminalDeploy([deployStatus, publishStatus].filter(Boolean).join(' '));
+    var duplicatePublishBlocked = publishFingerprintMatchesLast
+        && input.forcePublish !== true
+        && releaseStatusIsBlocked(publishStatus)
+        && releaseStatusIsTerminalDeploy(publishStatus);
+    var recommendedAction = 'hotfix_release_artifact';
+    var label = 'Hotfix Release Artifact';
+    var reason = 'Repair the live runner/operator code, release config, domain, seed-data, or release artifact and rerun only the failed release gate.';
+    var fullDeployAllowed = false;
+    if (input.activeDeploy === true) {
+        recommendedAction = 'wait_for_active_deploy';
+        label = 'Wait For Active Deploy';
+        reason = 'A deploy is already queued or running; collect that result before spending another deploy cycle.';
+    }
+    else if (duplicateDeployBlocked) {
+        recommendedAction = 'block_duplicate_deploy';
+        label = 'Block Duplicate Deploy';
+        reason = 'The same artifact fingerprint already has release status; hotfix or provide explicit force_deploy evidence before rerunning it.';
+    }
+    else if (duplicatePublishBlocked) {
+        recommendedAction = 'block_duplicate_publish';
+        label = 'Block Duplicate Publish';
+        reason = 'The same publish fingerprint already has release status; hotfix the release artifact or provide explicit force_publish evidence before rerunning publish.';
+    }
+    else if ((fingerprintMatchesLast && input.forceDeploy === true) || (publishFingerprintMatchesLast && input.forcePublish === true)) {
+        recommendedAction = 'review_force_deploy';
+        label = 'Review Force Deploy';
+        reason = input.forcePublish === true
+            ? 'force_publish was explicitly requested for a repeated publish artifact; require a reason and rerun only the failed release gate.'
+            : 'force_deploy was explicitly requested for a repeated artifact; require a reason and rerun only the failed release gate.';
+        fullDeployAllowed = true;
+    }
+    else if (input.hasNewArtifact === false && !releaseBlocked) {
+        recommendedAction = 'build_artifact_first';
+        label = 'Build Artifact First';
+        reason = 'No release artifact fingerprint is available yet; build once, record the fingerprint, and avoid repeated deploys.';
+    }
+    else if (input.hasNewArtifact === true && !releaseBlocked) {
+        recommendedAction = 'deploy_new_artifact_after_release_gate';
+        label = 'Deploy New Artifact After Release Gate';
+        reason = 'A new artifact can be deployed after the release gate proves the artifact is new and ready.';
+        fullDeployAllowed = true;
+    }
+    var allowedActions = buildReleaseAllowedActions(recommendedAction);
+    var hotfixPlan = buildHotfixFirstReleasePlan({
+        action: recommendedAction,
+        surface: surface,
+        reason: reason,
+        releaseBlocked: releaseBlocked
+    });
+    return {
+        policy: 'hotfix_first',
+        surface: surface,
+        recommendedAction: recommendedAction,
+        label: label,
+        reason: reason,
+        hotfixPreferred: recommendedAction !== 'deploy_new_artifact_after_release_gate' && recommendedAction !== 'review_force_deploy',
+        fullDeployAllowed: fullDeployAllowed,
+        duplicateDeployBlocked: duplicateDeployBlocked,
+        duplicatePublishBlocked: duplicatePublishBlocked,
+        forceDeployRequiredToRepeat: true,
+        forcePublishRequiredToRepeat: true,
+        statuses: {
+            deploy: deployStatus,
+            publish: publishStatus,
+            sampleData: sampleDataStatus
+        },
+        fingerprints: {
+            current: deployFingerprint,
+            last: lastDeployFingerprint,
+            matchesLast: fingerprintMatchesLast,
+            publishCurrent: publishFingerprint,
+            publishLast: lastPublishFingerprint,
+            publishMatchesLast: publishFingerprintMatchesLast
+        },
+        hotfixPlan: hotfixPlan,
+        allowedActions: allowedActions,
+        forbiddenActions: [
+            'rerun full builder loop for a release-only blocker',
+            'queue duplicate deploy without force_deploy evidence',
+            'queue duplicate publish without force_publish evidence',
+            'publish/deploy again before reading the failed release log',
+            'change core workflow after business proof passed unless release evidence proves it is required'
+        ],
+        requiredEvidence: [
+            'failed release gate log or active deploy result',
+            'deploy artifact fingerprint comparison',
+            'publish artifact fingerprint comparison when publish is the failed gate',
+            'hotfix/config/seed/domain change evidence when no new product artifact is needed',
+            'force_deploy or force_publish reason when repeating the same fingerprint'
+        ]
+    };
+}
+function isResolveIOAIManagerSafeAutoDispatch(input) {
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j;
+    var normalizedInput = typeof input === 'string'
+        ? { dispatchAction: input }
+        : (input || {});
+    var dispatchAction = cleanText(normalizedInput.dispatchAction || ((_a = normalizedInput.directive) === null || _a === void 0 ? void 0 : _a.dispatchAction), 120);
+    var directiveAllowed = (_b = normalizedInput.directive) === null || _b === void 0 ? void 0 : _b.allowed;
+    var actionAutoRunnable = (_c = normalizedInput.action) === null || _c === void 0 ? void 0 : _c.autoRunnable;
+    var productRepairAllowed = ((_d = normalizedInput.directive) === null || _d === void 0 ? void 0 : _d.canRunProductRepair) === true
+        || ((_e = normalizedInput.directive) === null || _e === void 0 ? void 0 : _e.productRepairAllowed) === true
+        || ((_f = normalizedInput.action) === null || _f === void 0 ? void 0 : _f.productRepairAllowed) === true;
+    var expensiveModelAllowed = ((_g = normalizedInput.directive) === null || _g === void 0 ? void 0 : _g.canRunExpensiveModel) === true
+        || ((_h = normalizedInput.directive) === null || _h === void 0 ? void 0 : _h.expensiveModelAllowed) === true
+        || ((_j = normalizedInput.action) === null || _j === void 0 ? void 0 : _j.expensiveModelAllowed) === true;
+    if (!dispatchAction || dispatchAction === 'park_manual') {
+        return false;
+    }
+    if (directiveAllowed === false || actionAutoRunnable === false) {
+        return false;
+    }
+    if ([
+        'run_evidence_probe',
+        'run_read_only_diagnosis',
+        'run_infra_repair',
+        'run_compile_repair'
+    ].includes(dispatchAction)) {
+        return true;
+    }
+    if (dispatchAction === 'run_release_repair') {
+        return normalizedInput.includeReleaseRepair !== false;
+    }
+    if (dispatchAction === 'run_journey_contract_repair') {
+        return normalizedInput.includeJourneyContractRepair !== false && productRepairAllowed !== true;
+    }
+    if (dispatchAction === 'run_business_assertion_repair') {
+        return normalizedInput.includeBusinessProofRepair === true
+            && productRepairAllowed !== true
+            && expensiveModelAllowed !== true;
+    }
+    if (dispatchAction === 'run_targeted_product_repair') {
+        return normalizedInput.includeProductRepair === true
+            && productRepairAllowed === true
+            && expensiveModelAllowed !== true;
+    }
+    return dispatchAction === 'advance' || dispatchAction === 'continue_gate';
+}
+function isoNow(value) {
+    if (value instanceof Date) {
+        return value.toISOString();
+    }
+    var parsed = value ? new Date(value) : new Date();
+    if (Number.isFinite(parsed.getTime())) {
+        return parsed.toISOString();
+    }
+    return new Date().toISOString();
+}
+function stableHash(prefix, value) {
+    var normalized = typeof value === 'string'
+        ? cleanText(value, 12000)
+        : JSON.stringify(value || {});
+    var hash = 0;
+    for (var index = 0; index < normalized.length; index += 1) {
+        hash = ((hash << 5) - hash + normalized.charCodeAt(index)) | 0;
+    }
+    return "".concat(prefix, "-").concat(Math.abs(hash).toString(36) || '0');
+}
+function normalizeResolveIOAIManagerFailureClass(value) {
+    var normalized = cleanText(value, 80)
+        .toLowerCase()
+        .replace(/[\s-]+/g, '_');
+    if (!normalized) {
+        return 'unknown';
+    }
+    if (/^(qa_infra|infrastructure|harness|puppeteer|chrome|mongo|port|startup)$/.test(normalized)) {
+        return 'infra';
+    }
+    if (/^(build|compile|typescript|tsc|angular_build|ng_build)$/.test(normalized)) {
+        return 'compile';
+    }
+    if (/^(false_pass|route_only|missing_business_proof)$/.test(normalized)) {
+        return 'business';
+    }
+    return normalized.slice(0, 80);
+}
+function fingerprintResolveIOAIManagerBlocker(value) {
+    var normalized = cleanText(value, 4000)
+        .toLowerCase()
+        .replace(/[a-f0-9]{16,}/g, '<id>')
+        .replace(/\b\d{2,}\b/g, '<n>')
+        .replace(/\bline\s+<n>\b/g, 'line <n>')
+        .replace(/https?:\/\/\S+/g, '<url>')
+        .replace(/\s+/g, ' ')
+        .trim();
+    return stableHash('mgr-blocker', normalized);
+}
+function resolveResolveIOAIManagerBlockerFingerprint(record, fallback) {
+    var blockerText = cleanText((record === null || record === void 0 ? void 0 : record.blocker) || (record === null || record === void 0 ? void 0 : record.summary), 4000);
+    if (blockerText) {
+        return fingerprintResolveIOAIManagerBlocker(blockerText);
+    }
+    var explicit = cleanText(record === null || record === void 0 ? void 0 : record.blockerFingerprint, 120);
+    if (explicit) {
+        return explicit;
+    }
+    return fingerprintResolveIOAIManagerBlocker(fallback || '');
+}
+function hashResolveIOAIManagerEvidence(record) {
+    if (!record) {
+        return stableHash('mgr-evidence', '');
+    }
+    var explicit = cleanText(record.evidenceHash, 120);
+    if (explicit) {
+        return explicit;
+    }
+    return stableHash('mgr-evidence', {
+        failureClass: normalizeResolveIOAIManagerFailureClass(record.failureClass),
+        blocker: cleanText(record.blocker || record.summary, 2000),
+        changedFiles: cleanList(record.changedFiles, 80, 500).sort(),
+        artifactPaths: cleanList(record.artifactPaths, 80, 500).sort()
+    });
+}
+function buildResolveIOAIManagerRecoveryCheckpoint(input) {
+    var plan = input.plan;
+    var current = input.current || {};
+    var blockerFingerprint = resolveResolveIOAIManagerBlockerFingerprint(current, plan.objective);
+    var evidenceHash = hashResolveIOAIManagerEvidence(current);
+    var changedFiles = cleanList(current.changedFiles, 80, 500);
+    var artifactPaths = cleanList(current.artifactPaths, 80, 500);
+    var previous = input.previousCheckpoint;
+    var sameCheckpointBase = previous
+        && previous.recoveryClass === plan.recoveryClass
+        && previous.lane === plan.lane
+        && previous.stepType === plan.stepType
+        && previous.blockerFingerprint === blockerFingerprint
+        && previous.evidenceHash === evidenceHash;
+    var attempts = sameCheckpointBase ? Math.max(0, Number(previous.attempts || 0)) + 1 : 1;
+    var status = plan.recoveryClass === 'manual_handoff'
+        ? 'manual_handoff'
+        : plan.recoveryClass === 'blocked_until_new_evidence'
+            ? 'parked'
+            : plan.recoveryClass === 'advance_after_proof'
+                ? 'complete'
+                : 'active';
+    var now = isoNow(input.now);
+    var checkpointId = stableHash('mgr-recovery', {
+        recoveryClass: plan.recoveryClass,
+        lane: plan.lane,
+        stepType: plan.stepType,
+        allowedAction: plan.allowedAction,
+        blockerFingerprint: blockerFingerprint,
+        evidenceHash: evidenceHash
+    });
+    return {
+        checkpointId: checkpointId,
+        recoveryClass: plan.recoveryClass,
+        status: status,
+        lane: plan.lane,
+        stepType: plan.stepType,
+        allowedAction: plan.allowedAction,
+        productRepairAllowed: plan.productRepairAllowed,
+        expensiveModelAllowed: plan.expensiveModelAllowed,
+        attempts: attempts,
+        maxAttemptsBeforePark: plan.maxAttemptsBeforePark,
+        blockerFingerprint: blockerFingerprint,
+        evidenceHash: evidenceHash,
+        changedFiles: changedFiles,
+        artifactPaths: artifactPaths,
+        requiredEvidence: cleanList(plan.requiredEvidence, 40, 500),
+        loopResetEvidence: cleanList(plan.loopResetEvidence, 40, 500),
+        forbiddenActions: cleanList(plan.forbiddenActions, 40, 500),
+        objective: cleanText(plan.objective, 1000),
+        nextActionLabel: cleanText(plan.nextActionLabel, 160),
+        createdAt: sameCheckpointBase && (previous === null || previous === void 0 ? void 0 : previous.createdAt) ? previous.createdAt : now,
+        updatedAt: now
+    };
+}
+function makeRecoveryEvidenceProbeStep(id, kind, label, objective, artifactExpectation, successSignal, options) {
+    if (options === void 0) { options = {}; }
+    return __assign(__assign({ id: id, kind: kind, label: label, objective: cleanText(objective, 1000), required: options.required !== false }, (options.commandHint ? { commandHint: cleanText(options.commandHint, 500) } : {})), { artifactExpectation: cleanText(artifactExpectation, 500), successSignal: cleanText(successSignal, 500) });
+}
+function recoveryEvidenceProbeStepsFor(checkpoint) {
+    var base = [
+        makeRecoveryEvidenceProbeStep('snapshot_current_blocker', 'rerun_same_gate', 'Snapshot Current Blocker', 'Capture the current blocker, failure class, evidence hash, changed files, and artifact paths before any new repair.', 'runner-evidence/current-blocker.json', 'Snapshot includes the same checkpointId, blockerFingerprint, and evidenceHashBefore.')
+    ];
+    if (checkpoint.recoveryClass === 'diagnosis_only' || checkpoint.recoveryClass === 'diagnosis_revision') {
+        return __spreadArray(__spreadArray([], __read(base), false), [
+            makeRecoveryEvidenceProbeStep('collect_read_only_root_cause_evidence', 'read_only_diagnosis', 'Collect Read-Only Root-Cause Evidence', checkpoint.recoveryClass === 'diagnosis_revision'
+                ? 'Collect new evidence that proves the current owner_files or failing_path is wrong before broadening scope.'
+                : 'Reproduce or classify the issue and record the exact customer complaint, expected result, observed result, route/module, and account context.', 'runner-evidence/diagnosis-readonly.md', 'Evidence supports one falsifiable accepted hypothesis and at least one rejected alternative.'),
+            makeRecoveryEvidenceProbeStep('validate_diagnosis_gate', 'read_only_diagnosis', 'Validate Diagnosis Gate', 'Validate issue_case, accepted_hypothesis, rejected_alternatives, failing_path, owner_files, and before/action/after proof_plan.', 'runner-evidence/diagnosis-gate.json', 'Diagnosis gate validates before product-code repair is allowed.')
+        ], false);
+    }
+    if (checkpoint.recoveryClass === 'infra_repair') {
+        return __spreadArray(__spreadArray([], __read(base), false), [
+            makeRecoveryEvidenceProbeStep('run_infra_preflight', 'infra_preflight', 'Run Infra Preflight', 'Check Puppeteer/Chrome, ports, Mongo/settings, cache state, startup commands, and server/client process health.', 'runner-evidence/infra-preflight.log', 'The same infra gate either passes or returns a new infra blocker hash.', { commandHint: 'runner preflight: puppeteer/chrome/mongo/ports/startup' })
+        ], false);
+    }
+    if (checkpoint.recoveryClass === 'compile_repair') {
+        return __spreadArray(__spreadArray([], __read(base), false), [
+            makeRecoveryEvidenceProbeStep('rerun_compile_gate', 'compile_check', 'Rerun Compile Gate', 'Rerun the same deterministic compile/build command and capture the first actionable error.', 'runner-evidence/compile.log', 'Compile passes or the first failing error changes.', { commandHint: 'same finite build/compile command from the failed gate' })
+        ], false);
+    }
+    if (checkpoint.recoveryClass === 'journey_contract_repair') {
+        return __spreadArray(__spreadArray([], __read(base), false), [
+            makeRecoveryEvidenceProbeStep('validate_journey_contract', 'journey_validation', 'Validate Journey Contract', 'Validate docs/APP_JOURNEY_CONTRACT.md has first/next/last workflow, route/action/method mapping, seeded data story, completion states, and QA assertions.', 'runner-evidence/journey-contract-validation.json', 'Journey contract validates before build tasks continue.'),
+            makeRecoveryEvidenceProbeStep('verify_hub_workflow_mapping', 'journey_validation', 'Verify Hub Workflow Mapping', 'Confirm the hub CTA and screen sequence implement the journey contract instead of link-only navigation.', 'runner-evidence/hub-workflow-map.json', 'Primary hub action maps to a real route/action/method/calculation and next state.')
+        ], false);
+    }
+    if (checkpoint.recoveryClass === 'business_proof_repair' || checkpoint.recoveryClass === 'product_code_repair') {
+        return __spreadArray(__spreadArray([], __read(base), false), [
+            makeRecoveryEvidenceProbeStep('rerun_business_assertion', 'business_assertion', 'Rerun Business Assertion', 'Run the exact issue/app promise proof and capture before/action/after DOM/data evidence.', 'runner-evidence/business-assertion.json', 'Business assertion passes, or the observed failure changes with a new artifact path.'),
+            makeRecoveryEvidenceProbeStep('check_diff_scope', 'diff_scope_check', 'Check Diff Scope', 'Compare changed files against the current diagnosis/journey owner scope before another code repair.', 'runner-evidence/diff-scope.json', 'Changed files are in scope, or diagnosis/journey scope is revised with evidence.')
+        ], false);
+    }
+    if (checkpoint.recoveryClass === 'release_repair') {
+        return __spreadArray(__spreadArray([], __read(base), false), [
+            makeRecoveryEvidenceProbeStep('collect_release_status', 'release_status', 'Collect Release Status', 'Collect publish/deploy/build-instance/domain/CloudFront status and the last actionable deploy error.', 'runner-evidence/release-status.json', 'Release gate passes or returns a new release blocker hash without product-code repair.')
+        ], false);
+    }
+    if (checkpoint.recoveryClass === 'manual_handoff') {
+        return __spreadArray(__spreadArray([], __read(base), false), [
+            makeRecoveryEvidenceProbeStep('operator_review_checkpoint', 'operator_review', 'Operator Review Checkpoint', 'Expose budget, blocker, evidence hash, and the minimum policy/scope change needed before another expensive loop.', 'runner-evidence/operator-review.json', 'Operator approves a new scope/policy or provides new external evidence.')
+        ], false);
+    }
+    return __spreadArray(__spreadArray([], __read(base), false), [
+        makeRecoveryEvidenceProbeStep('rerun_same_deterministic_gate', 'rerun_same_gate', 'Rerun Same Deterministic Gate', 'Rerun the exact failed check and capture new logs/artifacts without changing product code first.', 'runner-evidence/retry-gate.log', 'Gate passes, or evidenceHash/blockerFingerprint/artifactPaths change.')
+    ], false);
+}
+function buildResolveIOAIManagerRecoveryEvidenceProbe(input) {
+    var checkpoint = input.checkpoint;
+    var now = isoNow(input.now);
+    var steps = recoveryEvidenceProbeStepsFor(checkpoint);
+    var requiredArtifacts = Array.from(new Set(steps
+        .filter(function (step) { return step.required; })
+        .map(function (step) { return step.artifactExpectation; })
+        .filter(Boolean)));
+    return {
+        probeId: stableHash('mgr-probe', {
+            checkpointId: checkpoint.checkpointId,
+            recoveryClass: checkpoint.recoveryClass,
+            evidenceHash: checkpoint.evidenceHash,
+            blockerFingerprint: checkpoint.blockerFingerprint
+        }),
+        checkpointId: checkpoint.checkpointId,
+        recoveryClass: checkpoint.recoveryClass,
+        lane: checkpoint.lane,
+        stepType: checkpoint.stepType,
+        objective: checkpoint.status === 'parked'
+            ? 'Collect new evidence before any additional expensive model/code repair.'
+            : cleanText(checkpoint.objective, 1000),
+        evidenceOnly: checkpoint.status === 'parked'
+            || checkpoint.recoveryClass === 'diagnosis_only'
+            || checkpoint.recoveryClass === 'diagnosis_revision'
+            || checkpoint.recoveryClass === 'infra_repair'
+            || checkpoint.recoveryClass === 'compile_repair'
+            || checkpoint.recoveryClass === 'release_repair',
+        productRepairAllowed: checkpoint.productRepairAllowed && checkpoint.status !== 'parked',
+        expensiveModelAllowed: checkpoint.expensiveModelAllowed && checkpoint.status !== 'parked',
+        evidenceHashBefore: checkpoint.evidenceHash,
+        blockerFingerprint: checkpoint.blockerFingerprint,
+        steps: steps,
+        requiredArtifacts: requiredArtifacts,
+        acceptanceEvidence: Array.from(new Set(__spreadArray(__spreadArray(__spreadArray([], __read(checkpoint.requiredEvidence), false), __read(checkpoint.loopResetEvidence), false), __read(steps.map(function (step) { return step.successSignal; })), false).map(function (entry) { return cleanText(entry, 500); }).filter(Boolean))).slice(0, 30),
+        stopConditions: Array.from(new Set(__spreadArray(__spreadArray([], __read(checkpoint.forbiddenActions), false), [
+            'no new evidence hash',
+            'no new artifact path',
+            'product-code repair requested while evidenceOnly is true'
+        ], false).map(function (entry) { return cleanText(entry, 500); }).filter(Boolean))).slice(0, 30),
+        loopResetEvidence: checkpoint.loopResetEvidence,
+        createdAt: now
+    };
+}
+function recoveryAutomationModeFor(checkpoint) {
+    if (checkpoint.status === 'manual_handoff' || checkpoint.recoveryClass === 'manual_handoff') {
+        return 'manual_review';
+    }
+    if (checkpoint.status === 'complete' || checkpoint.recoveryClass === 'advance_after_proof') {
+        return 'advance';
+    }
+    if (checkpoint.status === 'parked' || checkpoint.recoveryClass === 'blocked_until_new_evidence') {
+        return 'collect_evidence';
+    }
+    if (checkpoint.recoveryClass === 'diagnosis_only' || checkpoint.recoveryClass === 'diagnosis_revision') {
+        return 'read_only_diagnosis';
+    }
+    if (checkpoint.recoveryClass === 'infra_repair') {
+        return 'repair_infra';
+    }
+    if (checkpoint.recoveryClass === 'compile_repair') {
+        return 'repair_compile';
+    }
+    if (checkpoint.recoveryClass === 'journey_contract_repair') {
+        return 'repair_journey_contract';
+    }
+    if (checkpoint.recoveryClass === 'business_proof_repair') {
+        return 'repair_business_assertion';
+    }
+    if (checkpoint.recoveryClass === 'release_repair') {
+        return 'repair_release';
+    }
+    if (checkpoint.recoveryClass === 'product_code_repair') {
+        return 'targeted_product_repair';
+    }
+    return 'continue_gate';
+}
+function recoveryActionLabelFor(mode, checkpoint) {
+    var explicit = cleanText(checkpoint.nextActionLabel, 120);
+    if (explicit && mode !== 'collect_evidence') {
+        return explicit;
+    }
+    var labels = {
+        advance: 'Advance To Next Gate',
+        collect_evidence: 'Collect New Evidence',
+        read_only_diagnosis: 'Run Diagnosis Evidence Pass',
+        repair_infra: 'Repair Infra Gate',
+        repair_compile: 'Repair Compile Gate',
+        repair_journey_contract: 'Repair Journey Contract',
+        repair_business_assertion: 'Repair Business Proof',
+        repair_release: 'Repair Release Gate',
+        targeted_product_repair: 'Run Targeted Repair',
+        manual_review: 'Manual Review',
+        continue_gate: 'Continue Current Gate'
+    };
+    return labels[mode];
+}
+function recoveryActionAutoRunnable(mode, probe) {
+    if (mode === 'manual_review') {
+        return false;
+    }
+    if (mode === 'advance' || mode === 'continue_gate') {
+        return true;
+    }
+    if (mode === 'targeted_product_repair' || mode === 'read_only_diagnosis' || mode === 'repair_journey_contract' || mode === 'repair_business_assertion') {
+        return true;
+    }
+    return probe.steps.some(function (step) { return step.commandHint || step.kind === 'rerun_same_gate' || step.kind === 'release_status' || step.kind === 'diff_scope_check'; });
+}
+function recoveryActionCostCeilingUsd(mode) {
+    var _a;
+    var map = {
+        advance: 0,
+        collect_evidence: 0.25,
+        read_only_diagnosis: 1,
+        repair_infra: 0.5,
+        repair_compile: 1.5,
+        repair_journey_contract: 2,
+        repair_business_assertion: 1.5,
+        repair_release: 0.75,
+        targeted_product_repair: 5,
+        manual_review: 0,
+        continue_gate: 0
+    };
+    return (_a = map[mode]) !== null && _a !== void 0 ? _a : 1;
+}
+function recoveryActionRequiredStateTransition(mode) {
+    var map = {
+        advance: 'current gate advances without repair after existing proof is accepted',
+        collect_evidence: 'blockerFingerprint or evidenceHash changes with material proof, or run remains parked',
+        read_only_diagnosis: 'diagnosis gate becomes valid or records a blocked-reproduction reason',
+        repair_infra: 'infra preflight changes from failed/blocked to passed, or records a new infra blocker',
+        repair_compile: 'compile/startup status changes from failed to passed, or records a new compile blocker',
+        repair_journey_contract: 'journey contract validates with first/next/last workflow proof',
+        repair_business_assertion: 'business assertion changes from missing/failed to passed with artifact proof',
+        repair_release: 'hotfix/release gate changes from blocked to passed, rerun_release_gate, or parked manual',
+        targeted_product_repair: 'owner-scoped diff is produced and deterministic proof advances to QA',
+        manual_review: 'operator records one explicit decision',
+        continue_gate: 'current gate records accepted proof and advances'
+    };
+    return map[mode] || 'runner records a validated state transition before continuing';
+}
+function recoveryActionProofRequiredBeforeContinuation(mode) {
+    return mode !== 'advance' && mode !== 'continue_gate' && mode !== 'manual_review';
+}
+function recoveryActionExitCriteria(input) {
+    return Array.from(new Set(__spreadArray(__spreadArray([
+        "exact dispatch action ".concat(input.dispatchAction, " completed or was parked"),
+        input.requiredStateTransition
+    ], __read((recoveryActionProofRequiredBeforeContinuation(input.mode) ? ['do not continue runner until required proof artifact is attached'] : [])), false), __read(input.stopWhen), false).map(function (entry) { return cleanText(entry, 500); }).filter(Boolean))).slice(0, 30);
+}
+function recoveryReleaseHotfixCommands(policy) {
+    if (!policy) {
+        return [];
+    }
+    return Array.from(new Set(__spreadArray(__spreadArray(__spreadArray([], __read(policy.allowedActions), false), __read((policy.hotfixPreferred ? [
+        'prepare_hotfix_patch_without_live_apply',
+        'commit_and_push_hotfix_to_github',
+        'record_github_commit_for_hotfix',
+        'apply_live_hotfix_only_after_github_commit_proof'
+    ] : [])), false), [
+        'run_failed_release_gate_once',
+        'record_release_evidence'
+    ], false).map(function (entry) { return cleanText(entry, 500); }).filter(Boolean))).slice(0, 20);
+}
+function recoveryReleaseRequiredEvidence(policy) {
+    var _a;
+    if (!policy) {
+        return [];
+    }
+    var stepEvidence = (((_a = policy.hotfixPlan) === null || _a === void 0 ? void 0 : _a.steps) || []).flatMap(function (step) { return step.requiredEvidence || []; });
+    return Array.from(new Set(__spreadArray(__spreadArray(__spreadArray([], __read(policy.requiredEvidence), false), __read(stepEvidence), false), __read((policy.hotfixPreferred ? [
+        'full 40-character sourceCommitSha',
+        'matching githubCommitUrl',
+        'passed gitCommitStatus before any live hotfix is treated as durable',
+        'passed gitPushStatus before any live hotfix is treated as durable'
+    ] : [])), false).map(function (entry) { return cleanText(entry, 500); }).filter(Boolean))).slice(0, 30);
+}
+function recoveryReleaseSuccessEvidence(policy) {
+    var _a, _b;
+    if (!policy) {
+        return [];
+    }
+    var stepEvidence = (((_a = policy.hotfixPlan) === null || _a === void 0 ? void 0 : _a.steps) || []).flatMap(function (step) { return step.successEvidence || []; });
+    return Array.from(new Set(__spreadArray(__spreadArray(__spreadArray([], __read((((_b = policy.hotfixPlan) === null || _b === void 0 ? void 0 : _b.acceptanceEvidence) || [])), false), __read(stepEvidence), false), __read((policy.hotfixPreferred ? ['GitHub commit and push proof validates before continuation'] : [])), false).map(function (entry) { return cleanText(entry, 500); }).filter(Boolean))).slice(0, 30);
+}
+function buildResolveIOAIManagerRecoveryActionPacket(input) {
+    var checkpoint = input.checkpoint;
+    var probe = input.probe || buildResolveIOAIManagerRecoveryEvidenceProbe({
+        checkpoint: checkpoint,
+        current: input.current,
+        now: input.now
+    });
+    var mode = recoveryAutomationModeFor(checkpoint);
+    var primaryStep = probe.steps.find(function (step) { return step.required && step.id !== 'snapshot_current_blocker'; })
+        || probe.steps.find(function (step) { return step.required; })
+        || probe.steps[0];
+    var evidenceOnly = probe.evidenceOnly || mode === 'collect_evidence' || mode === 'repair_infra' || mode === 'repair_compile' || mode === 'repair_release';
+    var requireNewEvidence = mode === 'collect_evidence'
+        || checkpoint.status === 'parked'
+        || checkpoint.attempts >= checkpoint.maxAttemptsBeforePark;
+    var stopWhen = Array.from(new Set(__spreadArray(__spreadArray([], __read(probe.stopConditions), false), __read((requireNewEvidence ? ['same blocker fingerprint and same evidence hash after probe'] : [])), false).map(function (entry) { return cleanText(entry, 500); }).filter(Boolean))).slice(0, 30);
+    var resetLoopWhen = Array.from(new Set(__spreadArray(__spreadArray(__spreadArray([], __read(checkpoint.loopResetEvidence), false), __read(probe.loopResetEvidence), false), __read((requireNewEvidence ? [
+        'new material evidence: changed blocker, validated diagnosis/journey, business proof, compile/infra/release proof, or new actionable trace',
+        'weak hash-only evidence does not reset the loop'
+    ] : [])), false).map(function (entry) { return cleanText(entry, 500); }).filter(Boolean))).slice(0, 30);
+    var nextCommands = probe.steps
+        .map(function (step) { return cleanText(step.commandHint || "".concat(step.kind, ":").concat(step.id), 500); })
+        .filter(Boolean)
+        .slice(0, 12);
+    var releasePolicy = mode === 'repair_release'
+        ? buildResolveIOAIManagerHotfixFirstReleasePolicy({
+            surface: 'manager_recovery',
+            deployStatus: checkpoint.stepType,
+            publishStatus: checkpoint.lane
+        })
+        : undefined;
+    var releaseNextCommands = recoveryReleaseHotfixCommands(releasePolicy);
+    var releaseRequiredEvidence = recoveryReleaseRequiredEvidence(releasePolicy);
+    var releaseSuccessEvidence = recoveryReleaseSuccessEvidence(releasePolicy);
+    var allowedDispatchAction = dispatchActionForMode(mode);
+    var requiredStateTransition = recoveryActionRequiredStateTransition(mode);
+    var proofRequiredBeforeContinuation = recoveryActionProofRequiredBeforeContinuation(mode);
+    var exitCriteria = recoveryActionExitCriteria({
+        mode: mode,
+        dispatchAction: allowedDispatchAction,
+        requiredStateTransition: requiredStateTransition,
+        stopWhen: stopWhen
+    });
+    var now = isoNow(input.now);
+    return __assign(__assign(__assign({ actionId: stableHash('mgr-action', {
+            checkpointId: checkpoint.checkpointId,
+            probeId: probe.probeId,
+            mode: mode,
+            evidenceHash: checkpoint.evidenceHash,
+            blockerFingerprint: checkpoint.blockerFingerprint
+        }), checkpointId: checkpoint.checkpointId, probeId: probe.probeId, recoveryClass: checkpoint.recoveryClass, mode: mode, singleActionOnly: true, allowedDispatchAction: allowedDispatchAction, label: recoveryActionLabelFor(mode, checkpoint), lane: checkpoint.lane, stepType: checkpoint.stepType, primaryStepKind: (primaryStep === null || primaryStep === void 0 ? void 0 : primaryStep.kind) || 'none', objective: mode === 'collect_evidence'
+            ? probe.objective
+            : cleanText(checkpoint.objective || probe.objective, 1000), evidenceOnly: evidenceOnly, autoRunnable: recoveryActionAutoRunnable(mode, probe), productRepairAllowed: checkpoint.productRepairAllowed && !evidenceOnly && checkpoint.status !== 'parked', expensiveModelAllowed: checkpoint.expensiveModelAllowed && checkpoint.status !== 'parked', costCeilingUsd: recoveryActionCostCeilingUsd(mode), requiredStateTransition: requiredStateTransition, proofRequiredBeforeContinuation: proofRequiredBeforeContinuation, canResetLoopAfterEvidence: resetLoopWhen.length > 0, maxAttemptsBeforePark: checkpoint.maxAttemptsBeforePark, requiredArtifacts: releasePolicy
+            ? Array.from(new Set(__spreadArray(__spreadArray([], __read(probe.requiredArtifacts), false), __read(releaseRequiredEvidence), false))).slice(0, 20)
+            : probe.requiredArtifacts.slice(0, 20), nextCommands: releasePolicy
+            ? Array.from(new Set(__spreadArray(__spreadArray([], __read(nextCommands), false), __read(releaseNextCommands), false))).slice(0, 20)
+            : nextCommands, successCriteria: releasePolicy
+            ? Array.from(new Set(__spreadArray(__spreadArray([], __read(probe.acceptanceEvidence), false), __read(releaseSuccessEvidence), false))).slice(0, 20)
+            : probe.acceptanceEvidence.slice(0, 20), exitCriteria: exitCriteria, retryPolicy: {
+            allowImmediateRetry: checkpoint.status !== 'parked' && mode !== 'manual_review',
+            requireNewEvidence: requireNewEvidence,
+            resetLoopWhen: resetLoopWhen,
+            stopWhen: stopWhen
+        } }, (releasePolicy ? { releasePolicy: releasePolicy } : {})), (mode === 'collect_evidence' ? { blockedReason: 'Manager parked this loop until the recovery action records new evidence.' } : {})), { createdAt: now });
+}
+function dispatchActionForMode(mode) {
+    var map = {
+        advance: 'advance',
+        collect_evidence: 'run_evidence_probe',
+        read_only_diagnosis: 'run_read_only_diagnosis',
+        repair_infra: 'run_infra_repair',
+        repair_compile: 'run_compile_repair',
+        repair_journey_contract: 'run_journey_contract_repair',
+        repair_business_assertion: 'run_business_assertion_repair',
+        repair_release: 'run_release_repair',
+        targeted_product_repair: 'run_targeted_product_repair',
+        manual_review: 'park_manual',
+        continue_gate: 'continue_gate'
+    };
+    return map[mode] || 'park_manual';
+}
+function buildRecoveryDispatchRecord(action, dispatchAction, status, reason, current, now) {
+    var evidenceHash = (current === null || current === void 0 ? void 0 : current.evidenceHash) || action.checkpointId || action.actionId;
+    var blockerFingerprint = resolveResolveIOAIManagerBlockerFingerprint(current, action.objective);
+    var artifactPaths = cleanList(current === null || current === void 0 ? void 0 : current.artifactPaths, 20, 500);
+    var createdAt = isoNow(now);
+    return __assign(__assign(__assign({ dispatchId: stableHash('mgr-dispatch', {
+            actionId: action.actionId,
+            dispatchAction: dispatchAction,
+            evidenceHash: evidenceHash,
+            blockerFingerprint: blockerFingerprint,
+            status: status
+        }), actionId: action.actionId, checkpointId: action.checkpointId, probeId: action.probeId, mode: action.mode, dispatchAction: dispatchAction, status: status, evidenceHash: evidenceHash, blockerFingerprint: blockerFingerprint, productRepairAllowed: action.productRepairAllowed && dispatchAction === 'run_targeted_product_repair', expensiveModelAllowed: action.expensiveModelAllowed && dispatchAction !== 'run_evidence_probe', reason: reason, artifactPaths: artifactPaths }, (status === 'started' ? { startedAt: createdAt } : {})), (status === 'completed' ? { completedAt: createdAt } : {})), { createdAt: createdAt });
+}
+function decideResolveIOAIManagerRecoveryActionDispatch(input) {
+    var _a, _b, _c, _d, _e, _f, _g, _h, _j, _k, _l, _m;
+    var action = input.action;
+    var history = Array.isArray(input.history) ? input.history.filter(Boolean).slice(-50) : [];
+    var current = input.current || {};
+    if (!action) {
+        return {
+            dispatchAction: 'park_manual',
+            allowed: false,
+            reason: 'recovery_dispatch_missing_action',
+            status: 'parked',
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldRecordDispatch: false,
+            requiresNewEvidence: true,
+            newEvidence: false
+        };
+    }
+    var dispatchAction = dispatchActionForMode(action.mode);
+    var allowedDispatchAction = action.allowedDispatchAction || dispatchAction;
+    var evidenceHash = current.evidenceHash || action.checkpointId || action.actionId;
+    var blockerFingerprint = resolveResolveIOAIManagerBlockerFingerprint(current, action.objective);
+    var sameActionHistory = history.filter(function (entry) { return entry.actionId === action.actionId; });
+    var sameEvidenceHistory = sameActionHistory.filter(function (entry) { return entry.evidenceHash === evidenceHash
+        && entry.blockerFingerprint === blockerFingerprint; });
+    var activeDispatch = sameEvidenceHistory.find(function (entry) { return entry.status === 'queued' || entry.status === 'started'; });
+    var completedDispatch = sameEvidenceHistory.find(function (entry) { return entry.status === 'completed' || entry.status === 'failed'; });
+    var newEvidence = sameActionHistory.length > 0 && sameEvidenceHistory.length === 0;
+    var requiresNewEvidence = action.retryPolicy.requireNewEvidence === true;
+    var sameEvidenceAlreadyAttempted = !!completedDispatch && requiresNewEvidence && !newEvidence;
+    var manualOnly = action.mode === 'manual_review' || !action.autoRunnable;
+    var productDispatch = dispatchAction === 'run_targeted_product_repair';
+    var expensiveDispatch = !['run_evidence_probe', 'advance', 'continue_gate', 'park_manual'].includes(dispatchAction);
+    var evidenceAssessment = assessResolveIOAIManagerEvidenceChange(undefined, current, action.objective);
+    var autonomyPolicy = input.autonomyPolicy
+        ? decideResolveIOAIManagerAutonomyPolicy(__assign(__assign({}, (input.autonomyPolicy || {})), { dispatchAction: dispatchAction, projectedActionCostUsd: (_b = (_a = input.autonomyPolicy) === null || _a === void 0 ? void 0 : _a.projectedActionCostUsd) !== null && _b !== void 0 ? _b : action.costCeilingUsd, newEvidence: (_d = (_c = input.autonomyPolicy) === null || _c === void 0 ? void 0 : _c.newEvidence) !== null && _d !== void 0 ? _d : newEvidence, materialEvidence: (_f = (_e = input.autonomyPolicy) === null || _e === void 0 ? void 0 : _e.materialEvidence) !== null && _f !== void 0 ? _f : evidenceAssessment.material, evidenceStrength: (_h = (_g = input.autonomyPolicy) === null || _g === void 0 ? void 0 : _g.evidenceStrength) !== null && _h !== void 0 ? _h : evidenceAssessment.strength, evidenceSignals: (_k = (_j = input.autonomyPolicy) === null || _j === void 0 ? void 0 : _j.evidenceSignals) !== null && _k !== void 0 ? _k : evidenceAssessment.signals, sameEvidenceAlreadyAttempted: (_m = (_l = input.autonomyPolicy) === null || _l === void 0 ? void 0 : _l.sameEvidenceAlreadyAttempted) !== null && _m !== void 0 ? _m : sameEvidenceAlreadyAttempted, operatorApproved: input.operatorApproved }))
+        : undefined;
+    var autonomyBlocksDispatch = !!autonomyPolicy && (autonomyPolicy.mode === 'monitor_only'
+        || (autonomyPolicy.requiresHumanApproval === true && input.operatorApproved !== true)
+        || (autonomyPolicy.canAutoDispatch !== true && input.operatorApproved !== true)
+        || (autonomyPolicy.blocked === true && autonomyPolicy.canManualDispatch !== true));
+    if (autonomyBlocksDispatch) {
+        var record_1 = buildRecoveryDispatchRecord(action, 'park_manual', 'parked', "recovery_dispatch_blocked_by_autonomy_policy:".concat((autonomyPolicy === null || autonomyPolicy === void 0 ? void 0 : autonomyPolicy.reason) || 'unknown'), current, input.now);
+        return {
+            dispatchAction: 'park_manual',
+            allowed: false,
+            reason: record_1.reason,
+            status: 'parked',
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldRecordDispatch: true,
+            requiresNewEvidence: requiresNewEvidence,
+            newEvidence: newEvidence,
+            autonomyPolicy: autonomyPolicy,
+            dispatchRecord: record_1
+        };
+    }
+    if (action.singleActionOnly === true && allowedDispatchAction !== dispatchAction) {
+        var record_2 = buildRecoveryDispatchRecord(action, 'park_manual', 'parked', 'recovery_dispatch_action_not_in_packet_contract', current, input.now);
+        return {
+            dispatchAction: 'park_manual',
+            allowed: false,
+            reason: record_2.reason,
+            status: 'parked',
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldRecordDispatch: true,
+            requiresNewEvidence: true,
+            newEvidence: newEvidence,
+            autonomyPolicy: autonomyPolicy,
+            dispatchRecord: record_2
+        };
+    }
+    if (manualOnly && input.operatorApproved !== true) {
+        var record_3 = buildRecoveryDispatchRecord(action, 'park_manual', 'parked', 'recovery_dispatch_requires_manual_review', current, input.now);
+        return {
+            dispatchAction: 'park_manual',
+            allowed: false,
+            reason: record_3.reason,
+            status: 'parked',
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldRecordDispatch: true,
+            requiresNewEvidence: requiresNewEvidence,
+            newEvidence: newEvidence,
+            autonomyPolicy: autonomyPolicy,
+            dispatchRecord: record_3
+        };
+    }
+    if (productDispatch && action.productRepairAllowed !== true) {
+        var record_4 = buildRecoveryDispatchRecord(action, 'park_manual', 'parked', 'recovery_dispatch_product_repair_not_allowed', current, input.now);
+        return {
+            dispatchAction: 'park_manual',
+            allowed: false,
+            reason: record_4.reason,
+            status: 'parked',
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldRecordDispatch: true,
+            requiresNewEvidence: true,
+            newEvidence: newEvidence,
+            autonomyPolicy: autonomyPolicy,
+            dispatchRecord: record_4
+        };
+    }
+    if (activeDispatch) {
+        return {
+            dispatchAction: 'park_manual',
+            allowed: false,
+            reason: 'recovery_dispatch_already_running_for_same_evidence',
+            status: 'parked',
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldRecordDispatch: false,
+            requiresNewEvidence: true,
+            newEvidence: false,
+            autonomyPolicy: autonomyPolicy
+        };
+    }
+    if (sameEvidenceAlreadyAttempted) {
+        var record_5 = buildRecoveryDispatchRecord(action, 'park_manual', 'parked', 'recovery_dispatch_same_evidence_already_attempted', current, input.now);
+        return {
+            dispatchAction: 'park_manual',
+            allowed: false,
+            reason: record_5.reason,
+            status: 'parked',
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldRecordDispatch: true,
+            requiresNewEvidence: true,
+            newEvidence: false,
+            autonomyPolicy: autonomyPolicy,
+            dispatchRecord: record_5
+        };
+    }
+    var status = dispatchAction === 'advance' || dispatchAction === 'continue_gate'
+        ? 'completed'
+        : 'started';
+    var record = buildRecoveryDispatchRecord(action, dispatchAction, status, 'recovery_dispatch_allowed', current, input.now);
+    return {
+        dispatchAction: dispatchAction,
+        allowed: true,
+        reason: 'recovery_dispatch_allowed',
+        status: status,
+        canRunProductRepair: productDispatch && action.productRepairAllowed === true,
+        canRunExpensiveModel: expensiveDispatch && action.expensiveModelAllowed === true,
+        shouldRecordDispatch: true,
+        requiresNewEvidence: requiresNewEvidence,
+        newEvidence: newEvidence,
+        autonomyPolicy: autonomyPolicy,
+        dispatchRecord: record
+    };
+}
+function appendResolveIOAIManagerRecoveryActionDispatch(history, record, limit) {
+    if (limit === void 0) { limit = 50; }
+    var existing = Array.isArray(history) ? history.filter(Boolean) : [];
+    if (!record) {
+        return existing.slice(-limit);
+    }
+    var deduped = existing.filter(function (entry) { return entry.dispatchId !== record.dispatchId; });
+    return __spreadArray(__spreadArray([], __read(deduped), false), [record], false).slice(-limit);
+}
+function recoveryExecutionPhaseForDispatch(dispatchAction) {
+    var map = {
+        run_evidence_probe: 'evidence',
+        run_read_only_diagnosis: 'diagnosis',
+        run_infra_repair: 'infra',
+        run_compile_repair: 'compile',
+        run_journey_contract_repair: 'journey',
+        run_business_assertion_repair: 'business_proof',
+        run_release_repair: 'release',
+        run_targeted_product_repair: 'product_repair',
+        advance: 'advance',
+        continue_gate: 'advance',
+        park_manual: 'manual'
+    };
+    return map[dispatchAction] || 'manual';
+}
+function recoveryDirectiveReason(action, decision, current) {
+    var blocker = cleanText((current === null || current === void 0 ? void 0 : current.blocker) || (current === null || current === void 0 ? void 0 : current.summary) || '', 260);
+    var label = cleanText(action === null || action === void 0 ? void 0 : action.label, 120) || decision.dispatchAction;
+    var objective = cleanText(action === null || action === void 0 ? void 0 : action.objective, 260);
+    return [
+        "MANAGER_RECOVERY:".concat(decision.dispatchAction),
+        "label=".concat(label),
+        decision.reason ? "reason=".concat(decision.reason) : '',
+        blocker ? "blocker=".concat(blocker) : '',
+        objective ? "objective=".concat(objective) : ''
+    ].filter(Boolean).join(' | ');
+}
+function buildResolveIOAIManagerRecoveryExecutionDirective(input) {
+    var _a, _b, _c, _d, _e;
+    var action = input.action;
+    var dispatchDecision = input.dispatchDecision || decideResolveIOAIManagerRecoveryActionDispatch({
+        action: action,
+        current: input.current,
+        autonomyPolicy: input.autonomyPolicy,
+        now: input.now
+    });
+    var dispatchAction = dispatchDecision.dispatchAction;
+    var now = isoNow(input.now);
+    var phase = recoveryExecutionPhaseForDispatch(dispatchAction);
+    var lane = cleanText((action === null || action === void 0 ? void 0 : action.lane) || ((_a = input.current) === null || _a === void 0 ? void 0 : _a.lane) || '', 120);
+    var stepType = cleanText((action === null || action === void 0 ? void 0 : action.stepType) || ((_b = input.current) === null || _b === void 0 ? void 0 : _b.stepType) || '', 120);
+    var rerunReason = recoveryDirectiveReason(action, dispatchDecision, input.current);
+    var surface = cleanText(input.surface || 'runner', 120);
+    return __assign(__assign(__assign(__assign(__assign({ directiveId: stableHash('mgr-directive', {
+            surface: surface,
+            actionId: (action === null || action === void 0 ? void 0 : action.actionId) || '',
+            dispatchAction: dispatchAction,
+            reason: dispatchDecision.reason,
+            evidenceHash: ((_c = dispatchDecision.dispatchRecord) === null || _c === void 0 ? void 0 : _c.evidenceHash) || ((_d = input.current) === null || _d === void 0 ? void 0 : _d.evidenceHash) || ''
+        }), surface: surface, dispatchAction: dispatchAction, phase: phase, allowed: dispatchDecision.allowed, status: dispatchDecision.status, reason: dispatchDecision.reason, singleActionOnly: (action === null || action === void 0 ? void 0 : action.singleActionOnly) !== false, allowedDispatchAction: (action === null || action === void 0 ? void 0 : action.allowedDispatchAction) || dispatchAction, lane: lane, stepType: stepType, nextActionLabel: cleanText(action === null || action === void 0 ? void 0 : action.label, 160) || dispatchAction, rerunReason: rerunReason, evidenceOnly: (action === null || action === void 0 ? void 0 : action.evidenceOnly) !== false || dispatchAction === 'run_evidence_probe', autoRunnable: (action === null || action === void 0 ? void 0 : action.autoRunnable) === true, productRepairAllowed: (action === null || action === void 0 ? void 0 : action.productRepairAllowed) === true, expensiveModelAllowed: (action === null || action === void 0 ? void 0 : action.expensiveModelAllowed) === true, costCeilingUsd: Math.max(0, Number((action === null || action === void 0 ? void 0 : action.costCeilingUsd) || 0) || 0), requiredStateTransition: cleanText(action === null || action === void 0 ? void 0 : action.requiredStateTransition, 500), proofRequiredBeforeContinuation: (action === null || action === void 0 ? void 0 : action.proofRequiredBeforeContinuation) === true, canRunProductRepair: dispatchDecision.canRunProductRepair, canRunExpensiveModel: dispatchDecision.canRunExpensiveModel, canResetLoopAfterEvidence: (action === null || action === void 0 ? void 0 : action.canResetLoopAfterEvidence) === true, requiresNewEvidence: dispatchDecision.requiresNewEvidence, newEvidence: dispatchDecision.newEvidence }, (dispatchDecision.autonomyPolicy ? { autonomyPolicy: dispatchDecision.autonomyPolicy } : {})), { maxAttemptsBeforePark: Math.max(1, Number((action === null || action === void 0 ? void 0 : action.maxAttemptsBeforePark) || 1) || 1), requiredArtifacts: cleanList(action === null || action === void 0 ? void 0 : action.requiredArtifacts, 20, 500), nextCommands: cleanList(action === null || action === void 0 ? void 0 : action.nextCommands, 20, 500), successCriteria: cleanList(action === null || action === void 0 ? void 0 : action.successCriteria, 20, 500), exitCriteria: cleanList(action === null || action === void 0 ? void 0 : action.exitCriteria, 30, 500), forbiddenActions: (action === null || action === void 0 ? void 0 : action.productRepairAllowed) === true
+            ? []
+            : Array.from(new Set(__spreadArray([
+                'Do not run product-code repair from this directive unless canRunProductRepair is true.'
+            ], __read((((_e = action === null || action === void 0 ? void 0 : action.releasePolicy) === null || _e === void 0 ? void 0 : _e.forbiddenActions) || [])), false))).slice(0, 20) }), (dispatchDecision.dispatchRecord ? { dispatchRecord: dispatchDecision.dispatchRecord } : {})), ((action === null || action === void 0 ? void 0 : action.releasePolicy) ? { releasePolicy: action.releasePolicy } : {})), { createdAt: now });
+}
+function failureRecordFromDirectiveStart(directive, previous) {
+    if (previous) {
+        return previous;
+    }
+    var dispatchRecord = directive === null || directive === void 0 ? void 0 : directive.dispatchRecord;
+    return {
+        lane: directive === null || directive === void 0 ? void 0 : directive.lane,
+        stepType: directive === null || directive === void 0 ? void 0 : directive.stepType,
+        failureClass: '',
+        blockerFingerprint: dispatchRecord === null || dispatchRecord === void 0 ? void 0 : dispatchRecord.blockerFingerprint,
+        evidenceHash: dispatchRecord === null || dispatchRecord === void 0 ? void 0 : dispatchRecord.evidenceHash,
+        artifactPaths: (dispatchRecord === null || dispatchRecord === void 0 ? void 0 : dispatchRecord.artifactPaths) || [],
+        recordedAt: (dispatchRecord === null || dispatchRecord === void 0 ? void 0 : dispatchRecord.createdAt) || (directive === null || directive === void 0 ? void 0 : directive.createdAt)
+    };
+}
+function recoveryExecutionProofStatus(input) {
+    var directive = input.directive;
+    if (!directive || directive.allowed !== true || directive.dispatchAction === 'park_manual') {
+        return 'manual_handoff';
+    }
+    if (!input.hasCurrent) {
+        return 'waiting_for_execution';
+    }
+    if (directive.requiresNewEvidence === true && input.assessment.changed !== true) {
+        return 'blocked_same_evidence';
+    }
+    if (directive.proofRequiredBeforeContinuation === true && input.assessment.material !== true) {
+        return 'waiting_for_new_evidence';
+    }
+    return 'proof_ready';
+}
+function buildResolveIOAIManagerRecoveryExecutionProofContract(input) {
+    if (input === void 0) { input = {}; }
+    var directive = input.directive;
+    var previous = failureRecordFromDirectiveStart(directive, input.previous);
+    var current = input.current || {};
+    var hasCurrent = !!input.current;
+    var assessment = hasCurrent
+        ? assessResolveIOAIManagerEvidenceChange(previous, current, directive === null || directive === void 0 ? void 0 : directive.requiredStateTransition)
+        : {
+            changed: false,
+            material: false,
+            strength: 'none',
+            signals: [],
+            evidenceHash: hashResolveIOAIManagerEvidence(previous),
+            blockerFingerprint: resolveResolveIOAIManagerBlockerFingerprint(previous, directive === null || directive === void 0 ? void 0 : directive.requiredStateTransition)
+        };
+    var status = recoveryExecutionProofStatus({ directive: directive, hasCurrent: hasCurrent, assessment: assessment });
+    var canContinueRun = status === 'proof_ready';
+    var requiredEvidence = Array.from(new Set(__spreadArray(__spreadArray(__spreadArray([], __read(cleanList(input.requiredEvidence, 30, 500)), false), __read(cleanList(directive === null || directive === void 0 ? void 0 : directive.requiredArtifacts, 30, 500)), false), __read(cleanList(directive === null || directive === void 0 ? void 0 : directive.successCriteria, 30, 500)), false).filter(Boolean)));
+    var missingEvidence = (directive === null || directive === void 0 ? void 0 : directive.proofRequiredBeforeContinuation) === true && status !== 'proof_ready'
+        ? (requiredEvidence.length ? requiredEvidence : ['new material evidence or passed proof artifact'])
+        : [];
+    var artifactPaths = cleanList(current.artifactPaths || previous.artifactPaths, 80, 500);
+    var changedFiles = cleanList(current.changedFiles, 80, 500);
+    var startingFailureClass = normalizeResolveIOAIManagerFailureClass(previous.failureClass);
+    var latestFailureClass = normalizeResolveIOAIManagerFailureClass(current.failureClass || previous.failureClass);
+    var startingBlockerFingerprint = cleanText(previous.blockerFingerprint, 160)
+        || resolveResolveIOAIManagerBlockerFingerprint(previous, directive === null || directive === void 0 ? void 0 : directive.requiredStateTransition);
+    var startingEvidenceHash = cleanText(previous.evidenceHash, 160)
+        || hashResolveIOAIManagerEvidence(previous);
+    var blockers = [
+        status === 'manual_handoff' ? ((directive === null || directive === void 0 ? void 0 : directive.reason) || 'recovery_execution_requires_manual_handoff') : '',
+        status === 'waiting_for_execution' ? 'recovery_execution_waiting_for_current_evidence' : '',
+        status === 'blocked_same_evidence' ? 'recovery_execution_same_evidence_after_dispatch' : '',
+        status === 'waiting_for_new_evidence' ? 'recovery_execution_missing_material_evidence' : ''
+    ].filter(Boolean);
+    var createdAt = isoNow(input.now);
+    return {
+        contractId: stableHash('mgr-execution-proof', {
+            directiveId: (directive === null || directive === void 0 ? void 0 : directive.directiveId) || '',
+            dispatchAction: (directive === null || directive === void 0 ? void 0 : directive.dispatchAction) || 'park_manual',
+            status: status,
+            startingEvidenceHash: startingEvidenceHash,
+            latestEvidenceHash: assessment.evidenceHash,
+            createdAt: createdAt.slice(0, 16)
+        }),
+        directiveId: cleanText(directive === null || directive === void 0 ? void 0 : directive.directiveId, 180),
+        surface: cleanText(directive === null || directive === void 0 ? void 0 : directive.surface, 120) || 'runner',
+        dispatchAction: (directive === null || directive === void 0 ? void 0 : directive.dispatchAction) || 'park_manual',
+        phase: (directive === null || directive === void 0 ? void 0 : directive.phase) || 'manual',
+        status: status,
+        canContinueRun: canContinueRun,
+        canRunProductRepair: canContinueRun && (directive === null || directive === void 0 ? void 0 : directive.canRunProductRepair) === true,
+        canRunExpensiveModel: canContinueRun && (directive === null || directive === void 0 ? void 0 : directive.canRunExpensiveModel) === true,
+        canResetLoopBudget: canContinueRun && assessment.material === true,
+        proofRequiredBeforeContinuation: (directive === null || directive === void 0 ? void 0 : directive.proofRequiredBeforeContinuation) === true,
+        requiresNewEvidence: (directive === null || directive === void 0 ? void 0 : directive.requiresNewEvidence) === true,
+        newEvidence: assessment.changed,
+        materialEvidence: assessment.material,
+        evidenceStrength: assessment.strength,
+        evidenceSignals: assessment.signals,
+        startingFailureClass: startingFailureClass,
+        startingBlockerFingerprint: startingBlockerFingerprint,
+        startingEvidenceHash: startingEvidenceHash,
+        latestFailureClass: latestFailureClass,
+        latestBlockerFingerprint: assessment.blockerFingerprint,
+        latestEvidenceHash: assessment.evidenceHash,
+        requiredEvidence: requiredEvidence,
+        missingEvidence: missingEvidence,
+        artifactPaths: artifactPaths,
+        changedFiles: changedFiles,
+        blockers: blockers,
+        nextAllowedAction: canContinueRun ? ((directive === null || directive === void 0 ? void 0 : directive.nextCommands[0]) || 'continue_gate') : 'collect_required_recovery_proof',
+        forbiddenActions: Array.from(new Set(__spreadArray([
+            'Do not continue product-code repair until recovery execution proof is proof_ready.'
+        ], __read(cleanList(directive === null || directive === void 0 ? void 0 : directive.forbiddenActions, 30, 500)), false))),
+        createdAt: createdAt
+    };
+}
+function validateResolveIOAIManagerRecoveryExecutionProofContract(value) {
+    var source = value || {};
+    var validStatuses = [
+        'proof_ready',
+        'waiting_for_execution',
+        'waiting_for_new_evidence',
+        'blocked_same_evidence',
+        'manual_handoff'
+    ];
+    var status = cleanText(source.status, 120);
+    var normalized = {
+        contractId: cleanText(source.contractId || source.contract_id, 180),
+        directiveId: cleanText(source.directiveId || source.directive_id, 180),
+        surface: cleanText(source.surface, 120),
+        dispatchAction: cleanText(source.dispatchAction || source.dispatch_action, 120),
+        phase: cleanText(source.phase, 120),
+        status: validStatuses.includes(status) ? status : 'manual_handoff',
+        canContinueRun: source.canContinueRun === true || source.can_continue_run === true,
+        canRunProductRepair: source.canRunProductRepair === true || source.can_run_product_repair === true,
+        canRunExpensiveModel: source.canRunExpensiveModel === true || source.can_run_expensive_model === true,
+        canResetLoopBudget: source.canResetLoopBudget === true || source.can_reset_loop_budget === true,
+        proofRequiredBeforeContinuation: source.proofRequiredBeforeContinuation === true || source.proof_required_before_continuation === true,
+        requiresNewEvidence: source.requiresNewEvidence === true || source.requires_new_evidence === true,
+        newEvidence: source.newEvidence === true || source.new_evidence === true,
+        materialEvidence: source.materialEvidence === true || source.material_evidence === true,
+        evidenceStrength: cleanText(source.evidenceStrength || source.evidence_strength, 120),
+        evidenceSignals: cleanList(source.evidenceSignals || source.evidence_signals, 30, 200),
+        startingFailureClass: cleanText(source.startingFailureClass || source.starting_failure_class, 120),
+        startingBlockerFingerprint: cleanText(source.startingBlockerFingerprint || source.starting_blocker_fingerprint, 180),
+        startingEvidenceHash: cleanText(source.startingEvidenceHash || source.starting_evidence_hash, 180),
+        latestFailureClass: cleanText(source.latestFailureClass || source.latest_failure_class, 120),
+        latestBlockerFingerprint: cleanText(source.latestBlockerFingerprint || source.latest_blocker_fingerprint, 180),
+        latestEvidenceHash: cleanText(source.latestEvidenceHash || source.latest_evidence_hash, 180),
+        requiredEvidence: cleanList(source.requiredEvidence || source.required_evidence, 30, 500),
+        missingEvidence: cleanList(source.missingEvidence || source.missing_evidence, 30, 500),
+        artifactPaths: cleanList(source.artifactPaths || source.artifact_paths, 80, 500),
+        changedFiles: cleanList(source.changedFiles || source.changed_files, 80, 500),
+        blockers: cleanList(source.blockers, 30, 500),
+        nextAllowedAction: cleanText(source.nextAllowedAction || source.next_allowed_action, 180),
+        forbiddenActions: cleanList(source.forbiddenActions || source.forbidden_actions, 30, 500),
+        createdAt: cleanText(source.createdAt || source.created_at, 120)
+    };
+    var blockers = [
+        normalized.contractId ? '' : 'Recovery execution proof is missing contractId.',
+        normalized.directiveId || normalized.status === 'manual_handoff' ? '' : 'Recovery execution proof is missing directiveId.',
+        normalized.dispatchAction ? '' : 'Recovery execution proof is missing dispatchAction.',
+        validStatuses.includes(status) ? '' : 'Recovery execution proof has an invalid status.',
+        normalized.canContinueRun && normalized.status !== 'proof_ready' ? 'Recovery execution cannot continue unless status=proof_ready.' : '',
+        normalized.status === 'proof_ready' && normalized.proofRequiredBeforeContinuation && !normalized.materialEvidence ? 'Proof-ready recovery requires materialEvidence=true when proof is required.' : '',
+        normalized.status === 'proof_ready' && normalized.requiresNewEvidence && !normalized.newEvidence ? 'Proof-ready recovery requires newEvidence=true when new evidence is required.' : '',
+        normalized.canRunProductRepair && !normalized.canContinueRun ? 'Product repair cannot run before recovery proof can continue.' : '',
+        normalized.canRunExpensiveModel && !normalized.canContinueRun ? 'Expensive model cannot run before recovery proof can continue.' : '',
+        normalized.status !== 'proof_ready' && normalized.missingEvidence.length === 0 && normalized.proofRequiredBeforeContinuation ? 'Blocked recovery proof must list missingEvidence.' : '',
+        normalized.forbiddenActions.length ? '' : 'Recovery execution proof must include forbiddenActions.'
+    ].filter(Boolean);
+    return {
+        valid: blockers.length === 0,
+        status: blockers.length ? 'blocked' : normalized.status,
+        blockers: blockers,
+        normalized: normalized
+    };
+}
+function newListEntries(current, previous) {
+    var existing = new Set(previous.map(function (entry) { return cleanText(entry, 500); }).filter(Boolean));
+    return current
+        .map(function (entry) { return cleanText(entry, 500); })
+        .filter(function (entry) { return entry && !existing.has(entry); });
+}
+function recordLane(value) {
+    return cleanText(value === null || value === void 0 ? void 0 : value.lane, 80);
+}
+function recordStepType(value) {
+    return cleanText(value === null || value === void 0 ? void 0 : value.stepType, 80);
+}
+function recordFailureClass(value) {
+    var valueText = cleanText(value === null || value === void 0 ? void 0 : value.failureClass, 80);
+    return valueText ? normalizeResolveIOAIManagerFailureClass(valueText) : '';
+}
+function materialEvidenceText(record, paths) {
+    if (paths === void 0) { paths = []; }
+    return __spreadArray([
+        cleanText(record === null || record === void 0 ? void 0 : record.blocker, 1200),
+        cleanText(record === null || record === void 0 ? void 0 : record.summary, 1200)
+    ], __read(paths.map(function (path) { return cleanText(path, 500); })), false).filter(Boolean).join(' ').toLowerCase();
+}
+function hasMaterialEvidenceLanguage(text) {
+    return /(business|assertion|proof|before|after|dom|trace|stack|network|mongo|query|diff|scope|diagnosis|journey|contract|workflow|compile|build|preflight|infra|chrome|puppeteer|release|publish|deploy|sample|seed|route|auth|hydration|performance|slow|owner|root.?cause|repro|pdf|export|upload|import|filter|invoice|saved|calculated|comparison|report)/i.test(text);
+}
+function assessResolveIOAIManagerEvidenceChange(previous, current, fallbackObjective) {
+    var currentRecord = current || {};
+    var previousRecord = previous;
+    var previousEvidenceHash = previousRecord ? cleanText(previousRecord.evidenceHash, 160) || hashResolveIOAIManagerEvidence(previousRecord) : '';
+    var currentEvidenceHash = hashResolveIOAIManagerEvidence(currentRecord);
+    var previousBlockerFingerprint = previousRecord
+        ? cleanText(previousRecord.blockerFingerprint, 160) || resolveResolveIOAIManagerBlockerFingerprint(previousRecord, fallbackObjective)
+        : '';
+    var currentBlockerFingerprint = resolveResolveIOAIManagerBlockerFingerprint(currentRecord, fallbackObjective);
+    var previousChangedFiles = cleanList(previousRecord === null || previousRecord === void 0 ? void 0 : previousRecord.changedFiles, 80, 500);
+    var currentChangedFiles = cleanList(currentRecord.changedFiles, 80, 500);
+    var previousArtifactPaths = cleanList(previousRecord === null || previousRecord === void 0 ? void 0 : previousRecord.artifactPaths, 80, 500);
+    var currentArtifactPaths = cleanList(currentRecord.artifactPaths, 80, 500);
+    var addedChangedFiles = newListEntries(currentChangedFiles, previousChangedFiles);
+    var addedArtifactPaths = newListEntries(currentArtifactPaths, previousArtifactPaths);
+    var signals = [];
+    if (previousEvidenceHash && currentEvidenceHash !== previousEvidenceHash) {
+        signals.push('evidence_hash_changed');
+    }
+    if (previousBlockerFingerprint && currentBlockerFingerprint !== previousBlockerFingerprint) {
+        signals.push('blocker_fingerprint_changed');
+    }
+    if (recordLane(previousRecord) && recordLane(previousRecord) !== recordLane(currentRecord)) {
+        signals.push('lane_changed');
+    }
+    if (recordStepType(previousRecord) && recordStepType(previousRecord) !== recordStepType(currentRecord)) {
+        signals.push('step_type_changed');
+    }
+    if (recordFailureClass(previousRecord) && recordFailureClass(previousRecord) !== recordFailureClass(currentRecord)) {
+        signals.push('failure_class_changed');
+    }
+    if (addedChangedFiles.length) {
+        signals.push('changed_files_added');
+    }
+    if (addedArtifactPaths.length) {
+        signals.push('artifact_paths_added');
+    }
+    if (isPassingOutcome(currentRecord)) {
+        signals.push('passing_outcome');
+    }
+    var changed = signals.length > 0;
+    var evidenceText = materialEvidenceText(currentRecord, addedArtifactPaths);
+    var pathOrSummaryHasMaterialSignal = hasMaterialEvidenceLanguage(evidenceText);
+    var proof = signals.includes('passing_outcome');
+    var structuralChange = signals.some(function (signal) { return /blocker_fingerprint_changed|lane_changed|step_type_changed|failure_class_changed/.test(signal); });
+    var materialArtifact = addedArtifactPaths.length > 0 && pathOrSummaryHasMaterialSignal;
+    var materialChangedFiles = addedChangedFiles.length > 0
+        && /diagnosis|owner|scope|diff|root.?cause|failing path|stack|trace|business|proof|compile|release|deploy|workflow|journey/i.test(evidenceText);
+    var material = proof || structuralChange || materialArtifact || materialChangedFiles;
+    var strength = proof
+        ? 'proof'
+        : material
+            ? 'material'
+            : changed
+                ? 'weak'
+                : 'none';
+    return {
+        changed: changed,
+        material: material,
+        strength: strength,
+        signals: signals,
+        evidenceHash: currentEvidenceHash,
+        blockerFingerprint: currentBlockerFingerprint
+    };
+}
+function proposedActionIsProductRepair(value) {
+    var normalized = cleanText(value, 120);
+    return /product|code|repair|build|business|journey|workflow/i.test(normalized)
+        && !/infra|compile|diagnosis|manual|evidence|release|publish/i.test(normalized);
+}
+function decideResolveIOAIManagerRecoveryGate(input) {
+    var checkpoint = input.checkpoint;
+    var hasCurrent = !!input.current;
+    var current = input.current || {};
+    var assessment = hasCurrent
+        ? assessResolveIOAIManagerEvidenceChange(checkpoint, current, checkpoint.objective)
+        : {
+            changed: false,
+            material: false,
+            strength: 'none',
+            signals: [],
+            evidenceHash: checkpoint.evidenceHash,
+            blockerFingerprint: checkpoint.blockerFingerprint
+        };
+    var blockerFingerprint = assessment.blockerFingerprint;
+    var evidenceHash = assessment.evidenceHash;
+    var changedFiles = hasCurrent ? cleanList(current.changedFiles, 80, 500) : checkpoint.changedFiles;
+    var artifactPaths = hasCurrent ? cleanList(current.artifactPaths, 80, 500) : checkpoint.artifactPaths;
+    var evidenceChanged = assessment.changed;
+    var proposedAction = cleanText(input.proposedAction || checkpoint.allowedAction, 120);
+    var productRepairRequested = proposedActionIsProductRepair(proposedAction);
+    var missingEvidence = checkpoint.requiredEvidence.filter(function (required) {
+        var normalized = cleanText(required, 120).toLowerCase();
+        if (!normalized) {
+            return false;
+        }
+        if (/artifact|log|proof|gate|evidence/.test(normalized)) {
+            return !artifactPaths.length && !current.evidenceHash;
+        }
+        if (/diff|changed files|owner|scope|file/.test(normalized)) {
+            return !changedFiles.length;
+        }
+        return false;
+    });
+    var makeDecision = function (action, reason, overrides) {
+        if (overrides === void 0) { overrides = {}; }
+        return (__assign({ action: action, reason: reason, canRunProductRepair: checkpoint.productRepairAllowed, canRunExpensiveModel: checkpoint.expensiveModelAllowed, shouldResetLoopBudget: false, shouldIncrementAttempt: action === 'allow', newEvidence: evidenceChanged, materialEvidence: assessment.material, evidenceStrength: assessment.strength, evidenceSignals: assessment.signals, blockerFingerprint: blockerFingerprint, evidenceHash: evidenceHash, missingEvidence: missingEvidence, checkpoint: __assign(__assign({}, checkpoint), { updatedAt: isoNow(input.now) }) }, overrides));
+    };
+    if (checkpoint.status === 'complete') {
+        return makeDecision('complete', 'recovery_gate_checkpoint_already_complete', {
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldIncrementAttempt: false
+        });
+    }
+    if (checkpoint.status === 'manual_handoff' && input.operatorApproved !== true) {
+        return makeDecision('manual_handoff', 'recovery_gate_manual_handoff_requires_operator_approval', {
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldIncrementAttempt: false
+        });
+    }
+    if (productRepairRequested && !checkpoint.productRepairAllowed) {
+        return makeDecision('reject_action', 'recovery_gate_product_repair_not_allowed_for_checkpoint', {
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldIncrementAttempt: false
+        });
+    }
+    if (checkpoint.status === 'parked' && !evidenceChanged) {
+        return makeDecision('collect_new_evidence', 'recovery_gate_parked_until_new_evidence', {
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldIncrementAttempt: false
+        });
+    }
+    if (checkpoint.status === 'parked' && evidenceChanged && !assessment.material) {
+        return makeDecision('collect_new_evidence', 'recovery_gate_weak_evidence_requires_material_signal', {
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldIncrementAttempt: false
+        });
+    }
+    if (checkpoint.attempts >= checkpoint.maxAttemptsBeforePark && !evidenceChanged) {
+        return makeDecision('collect_new_evidence', 'recovery_gate_attempt_limit_requires_new_evidence', {
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldIncrementAttempt: false
+        });
+    }
+    if (checkpoint.attempts >= checkpoint.maxAttemptsBeforePark && evidenceChanged && !assessment.material) {
+        return makeDecision('collect_new_evidence', 'recovery_gate_attempt_limit_requires_material_evidence', {
+            canRunProductRepair: false,
+            canRunExpensiveModel: false,
+            shouldIncrementAttempt: false
+        });
+    }
+    if (evidenceChanged) {
+        var currentFailureClass = normalizeResolveIOAIManagerFailureClass(current.failureClass);
+        var currentCanRunProductRepair = checkpoint.productRepairAllowed
+            || !/^(infra|compile|diagnosis|release)$/i.test(currentFailureClass);
+        return makeDecision('allow', 'recovery_gate_new_material_evidence_unblocks_retry', {
+            canRunProductRepair: currentCanRunProductRepair,
+            canRunExpensiveModel: checkpoint.expensiveModelAllowed || currentCanRunProductRepair,
+            shouldResetLoopBudget: true
+        });
+    }
+    return makeDecision('allow', 'recovery_gate_action_allowed');
+}
+function failureKey(record) {
+    if (!record) {
+        return '';
+    }
+    var failureClass = normalizeResolveIOAIManagerFailureClass(record.failureClass);
+    var blockerFingerprint = resolveResolveIOAIManagerBlockerFingerprint(record);
+    return "".concat(cleanText(record.lane, 80), ":").concat(cleanText(record.stepType, 80), ":").concat(failureClass, ":").concat(blockerFingerprint);
+}
+function failureEvidenceKey(record) {
+    return "".concat(failureKey(record), ":").concat(hashResolveIOAIManagerEvidence(record));
+}
+function isPassingOutcome(record) {
+    return /^(pass|accepted|ready_to_publish|published|ready_for_merge|complete|completed)$/i.test(cleanText(record === null || record === void 0 ? void 0 : record.outcome, 80));
+}
+function isManualOutcome(record) {
+    return /^(manual_handoff|park_manual|stopped)$/i.test(cleanText(record === null || record === void 0 ? void 0 : record.outcome, 80));
+}
+function buildResolveIOAIManagerRecoveryPlan(input) {
+    if (input === void 0) { input = {}; }
+    var action = cleanText(input.action, 80) || 'continue';
+    var reason = cleanText(input.reason, 240);
+    var failureClass = normalizeResolveIOAIManagerFailureClass(input.failureClass);
+    var lane = cleanText(input.lane, 80) || 'supervisor';
+    var stepType = cleanText(input.stepType, 80) || 'unknown';
+    var blocker = cleanText(input.blocker, 700);
+    var changedFiles = cleanList(input.changedFiles, 12, 240);
+    var artifactPaths = cleanList(input.artifactPaths, 12, 240);
+    var maxAttemptsBeforePark = Math.max(1, Number(input.maxSameFailureRepeats || 3) || 3);
+    var commonNotes = [
+        reason ? "policy_reason=".concat(reason) : '',
+        blocker ? "blocker=".concat(blocker) : '',
+        changedFiles.length ? "changed_files=".concat(changedFiles.join(', ')) : '',
+        artifactPaths.length ? "artifacts=".concat(artifactPaths.join(', ')) : ''
+    ].filter(Boolean);
+    var base = {
+        lane: lane,
+        stepType: stepType,
+        maxAttemptsBeforePark: maxAttemptsBeforePark,
+        notes: commonNotes
+    };
+    var makePlan = function (recoveryClass, nextActionLabel, objective, allowedAction, productRepairAllowed, expensiveModelAllowed, finiteSteps, requiredEvidence, loopResetEvidence, forbiddenActions) { return (__assign(__assign({}, base), { recoveryClass: recoveryClass, nextActionLabel: nextActionLabel, objective: objective, allowedAction: allowedAction, productRepairAllowed: productRepairAllowed, expensiveModelAllowed: expensiveModelAllowed, finiteSteps: finiteSteps, requiredEvidence: requiredEvidence, loopResetEvidence: loopResetEvidence, forbiddenActions: forbiddenActions })); };
+    if (action === 'reset_loop_budget') {
+        return makePlan('advance_after_proof', 'Advance After Proof', 'Checkpoint the passing evidence and move to the next required gate.', 'advance_to_next_gate', false, false, [
+            'Record the passing artifact, changed files, and gate result.',
+            'Reset the loop counter because a real gate passed.',
+            'Select the next unmet deterministic gate instead of repeating the previous repair.'
+        ], ['passing gate record', 'artifact or log proving the passed check'], ['new passing gate result', 'new business proof artifact'], ['rerun the same repair after a pass', 'mark accepted without the required downstream gate']);
+    }
+    if (action === 'manual_handoff') {
+        return makePlan('manual_handoff', 'Manual Review', 'Stop autonomous repair and expose the blocker, evidence, and last safe state.', 'manual_review_only', false, false, [
+            'Freeze further product-code edits.',
+            'Show the blocker fingerprint, evidence hash, and prior attempts.',
+            'Require a human edit to classification, scope, or retry policy before another model/code loop.'
+        ], ['blocker fingerprint', 'evidence hash', 'attempt history'], ['manual policy change', 'new external evidence'], ['start another automatic model repair', 'hide the failed evidence']);
+    }
+    if (action === 'budget_stop') {
+        return makePlan('manual_handoff', 'Budget Stop Review', 'Stop autonomous model/code loops until a cheaper scoped next action is selected.', 'budget_review_only', false, false, [
+            'Freeze further model repair loops.',
+            'Show the prompt/token/runtime budget that tripped the guard.',
+            'Select a cheaper deterministic gate, infra repair, diagnosis revision, or manual scope edit before resuming.'
+        ], ['budget guard reason', 'latest prompt estimate', 'last blocker/evidence hash'], ['manual scope reduction', 'new deterministic evidence', 'approved budget policy change'], ['start another broad model prompt', 'reset budget without new evidence', 'hide cost context']);
+    }
+    if (failureClass === 'diagnosis' || stepType === 'diagnosis_gate') {
+        return makePlan('diagnosis_only', 'Run Diagnosis Gate', 'Produce a falsifiable root-cause diagnosis before any repair.', 'read_only_diagnosis', false, true, [
+            'Reproduce or explicitly classify the customer issue.',
+            'Accept one falsifiable hypothesis and record rejected alternatives.',
+            'Identify the frontend/backend/shared failing path.',
+            'Select a small owner_files set.',
+            'Define exact before/action/after business proof.'
+        ], ['issue_case', 'accepted_hypothesis', 'rejected_alternatives', 'failing_path', 'owner_files', 'proof_plan'], ['new reproduction artifact', 'new query/log/code evidence', 'validated diagnosis gate'], ['edit product code', 'run broad repo repair', 'accept route-load evidence as success']);
+    }
+    if (failureClass === 'owner_scope' || failureClass === 'out_of_scope' || /out.?of.?scope|owner_files/i.test(reason)) {
+        return makePlan('diagnosis_revision', 'Revise Diagnosis Scope', 'Revise owner_files only when new evidence proves the current scope is wrong.', 'diagnosis_revision_only', false, true, [
+            'Compare changed files against the diagnosis owner_files.',
+            'Collect evidence proving why the new file is in the failing path.',
+            'Update accepted_hypothesis, failing_path, owner_files, and proof_plan together.',
+            'Resume repair only after the revised gate validates.'
+        ], ['out-of-scope file list', 'new failing-path evidence', 'revalidated diagnosis gate'], ['revised owner_files with evidence', 'new business proof requirement'], ['keep broad edits without diagnosis', 'add convenience refactors', 'continue repair outside owner_files']);
+    }
+    if (action === 'retry_infra') {
+        var isCompile = failureClass === 'compile';
+        return makePlan(isCompile ? 'compile_repair' : 'infra_repair', isCompile ? 'Repair Compile Gate' : 'Repair Infra Gate', isCompile
+            ? 'Fix the deterministic compile/build blocker before spending another product repair loop.'
+            : 'Fix the deterministic harness/browser/server/Mongo blocker before product repair.', isCompile ? 'compile_repair_only' : 'infra_repair_only', false, false, isCompile
+            ? [
+                'Read the exact compile/build log and identify the first actionable error.',
+                'Fix missing dependency, stale artifact, command, cache, or type wiring required by the compile gate.',
+                'Rerun the same finite compile command.',
+                'Return the compile log artifact and status.'
+            ]
+            : [
+                'Run preflight for Puppeteer, Chrome executable, ports, Mongo/settings, and startup command.',
+                'Repair only the failing harness/environment item.',
+                'Rerun the same infra check.',
+                'Return the infra log and pass/fail status.'
+            ], isCompile
+            ? ['compile command', 'compile log artifact', 'first failing error fixed or still failing']
+            : ['preflight command', 'infra log artifact', 'specific repaired environment item'], ['same check now passes', 'new infra/compile blocker hash'], ['run product-code model repair', 'count this as product failure', 'accept route/business success without the compile/infra gate']);
+    }
+    if (action === 'park_repeated_failure' || action === 'park_ping_pong') {
+        return makePlan('blocked_until_new_evidence', action === 'park_ping_pong' ? 'Park Ping-Pong Loop' : 'Park Repeated Failure', 'Stop the current loop until new evidence changes the diagnosis, route, or repair target.', 'collect_new_evidence_only', false, false, [
+            'Do not rerun the same prompt or same repair.',
+            'Show the repeated blocker and evidence hash.',
+            'Collect a new artifact: failing DOM state, stack trace, network response, Mongo delta, compile log, or revised diagnosis.',
+            'Reset the loop only after material evidence changes the blocker, proof, diagnosis, journey, or actionable trace.'
+        ], ['same failure count', 'blocker fingerprint', 'evidence hash'], ['changed blocker fingerprint', 'changed evidence hash', 'new artifact path', 'business/compile/infra/release proof artifact', 'revised diagnosis or journey contract', 'new actionable trace or data delta'], ['alternate between two failed patches', 'increase loop budget without evidence', 'hide the park reason']);
+    }
+    if (failureClass === 'journey') {
+        return makePlan('journey_contract_repair', 'Repair Journey Contract', 'Fix the first/next/last workflow contract before app code work continues.', 'journey_contract_repair', false, true, [
+            'Open docs/APP_JOURNEY_CONTRACT.md.',
+            'Define first_screen, north_star_workflow, screen_sequence, data_story, completion_states, and qa_assertions.',
+            'Give every north_star_workflow step a stable id and map each screen_sequence row with workflow_step_id or exact route/CTA.',
+            'Map every qa_assertions row to workflow_step_id or covers_workflow_step_ids so QA can walk first/next/last deterministically.',
+            'Ensure each CTA maps to an action, route, method, calculation, or state transition.',
+            'Validate that sample data can drive the promised workflow.'
+        ], ['validated journey_contract JSON', 'CTA-to-action mapping', 'screen-to-workflow mapping', 'workflow QA assertions mapped to step ids'], ['journey validation passes', 'new workflow QA rows generated'], ['build empty routes', 'add link-only dashboard actions', 'defer workflow design to wow pass']);
+    }
+    if (failureClass === 'release') {
+        return makePlan('release_repair', 'Repair Release Gate', 'Repair deploy/publish/sample-data release evidence with a hotfix-first path before any repeated full deploy.', 'release_repair_only', false, false, [
+            'Read the deploy/publish/sample-data log.',
+            'Identify whether the blocker is domain, asset, seed data, route, permission, or CDN.',
+            'Prefer backend hotfix, release config, domain, cache, or seed-data repair when the product artifact already has business proof.',
+            'Rerun only the failed release gate.'
+        ], ['deploy or publish log', 'sample-data status', 'failed release gate rerun'], ['release gate passes', 'new release blocker hash'], ['change core workflow after business QA passed', 'mark accepted from scorecard only', 'rerun full builder loop', 'repeat deploy of same artifact without force_deploy evidence']);
+    }
+    if (failureClass === 'business' || failureClass === 'qa_evidence' || failureClass === 'route') {
+        return makePlan('business_proof_repair', 'Repair Business Proof', 'Fix the exact failing workflow assertion and prove before/action/after behavior.', 'business_repair', true, true, [
+            'Open the failing QA row or proof_plan.',
+            'Trace the UI action to method/publication/query/calculation.',
+            'Patch the smallest owner or workflow files.',
+            'Rerun only the failed business assertion.',
+            'Record DOM/data/Mongo/artifact proof.'
+        ], ['failing assertion', 'action trace', 'business proof artifact'], ['business assertion passes', 'new failed assertion with new evidence'], ['treat route load as success', 'rerun unrelated QA rows first', 'accept scorecard-only evidence']);
+    }
+    if (input.productRepairFailure !== false || failureClass === 'product_code') {
+        return makePlan('product_code_repair', 'Run Targeted Product Repair', 'Repair the current product-code blocker with the smallest scoped edit and immediate proof.', 'targeted_product_repair', true, true, [
+            'Inspect the current blocker, artifacts, changed files, and owner/workflow scope.',
+            'Form one small repair hypothesis.',
+            'Patch only files justified by the active diagnosis or journey contract.',
+            'Rerun the smallest failed gate.',
+            'Record new evidence before any additional loop.'
+        ], ['owner/workflow scope', 'repair diff', 'failed gate rerun artifact'], ['new evidence hash', 'same gate passes'], ['broad repo search-and-edit', 'rerun the same prompt without inspecting artifacts', 'change unrelated UI polish']);
+    }
+    return makePlan('continue', 'Continue Current Gate', 'Continue the current lane because no blocking loop or infra condition was detected.', 'continue', false, false, [
+        'Use the active lane memory.',
+        'Run the next finite gate.',
+        'Record artifacts and evidence hash.'
+    ], ['active lane memory', 'finite gate artifact'], ['new gate result', 'new artifact path'], ['spawn duplicate runners', 'advance without evidence']);
+}
+function collectOpenTail(records) {
+    var tail = [];
+    for (var index = records.length - 1; index >= 0; index -= 1) {
+        var record = records[index];
+        if (isPassingOutcome(record)) {
+            break;
+        }
+        tail.unshift(record);
+    }
+    return tail;
+}
+function countSameFailure(records, current) {
+    var currentKey = failureKey(current);
+    var count = 0;
+    for (var index = records.length - 1; index >= 0; index -= 1) {
+        var record = records[index];
+        if (isPassingOutcome(record)) {
+            break;
+        }
+        if (failureKey(record) !== currentKey) {
+            break;
+        }
+        count += 1;
+    }
+    return count;
+}
+function previousRecordForPolicy(history, current, currentWasExplicit) {
+    if (!history.length) {
+        return undefined;
+    }
+    if (!currentWasExplicit) {
+        return history.length > 1 ? history[history.length - 2] : undefined;
+    }
+    var last = history[history.length - 1];
+    if (failureEvidenceKey(last) === failureEvidenceKey(current)) {
+        return history.length > 1 ? history[history.length - 2] : undefined;
+    }
+    return last;
+}
+function countPingPong(records, current) {
+    var tail = collectOpenTail(records).filter(function (record) {
+        return cleanText(record.lane, 80) === cleanText(current.lane, 80)
+            && cleanText(record.stepType, 80) === cleanText(current.stepType, 80);
+    });
+    if (tail.length < 4) {
+        return 0;
+    }
+    var keys = tail.map(failureKey).filter(Boolean);
+    var last = keys.slice(-6);
+    if (last.length < 4) {
+        return 0;
+    }
+    var distinct = Array.from(new Set(last));
+    if (distinct.length !== 2) {
+        return 0;
+    }
+    for (var index = 2; index < last.length; index += 1) {
+        if (last[index] !== last[index - 2]) {
+            return 0;
+        }
+    }
+    return last.length - 1;
+}
+function decideResolveIOAIManagerPolicy(input) {
+    var history = Array.isArray(input.history) ? input.history : [];
+    var currentWasExplicit = !!input.current;
+    var current = input.current || history[history.length - 1] || {};
+    var failureClass = normalizeResolveIOAIManagerFailureClass(current.failureClass);
+    var blockerFingerprint = resolveResolveIOAIManagerBlockerFingerprint(current);
+    var evidenceHash = hashResolveIOAIManagerEvidence(current);
+    var previous = previousRecordForPolicy(history, current, currentWasExplicit);
+    var previousSameFailure = previous && failureKey(previous) === failureKey(current);
+    var evidenceAssessment = previousSameFailure
+        ? assessResolveIOAIManagerEvidenceChange(previous, current)
+        : {
+            changed: false,
+            material: false,
+            strength: 'none',
+            signals: [],
+            evidenceHash: evidenceHash,
+            blockerFingerprint: blockerFingerprint
+        };
+    var newEvidence = !!previousSameFailure && evidenceAssessment.changed;
+    var sameFailureCount = countSameFailure(history, current);
+    var pingPongCount = countPingPong(history, current);
+    var maxSameFailureRepeats = Math.max(1, Number(input.maxSameFailureRepeats || 3) || 3);
+    var maxPingPongTransitions = Math.max(3, Number(input.maxPingPongTransitions || 3) || 3);
+    var infraClasses = new Set((input.infraFailureClasses || ['infra', 'compile']).map(normalizeResolveIOAIManagerFailureClass));
+    var ignoredClasses = new Set((input.ignoredFailureClasses || []).map(normalizeResolveIOAIManagerFailureClass));
+    var base = {
+        failureClass: failureClass,
+        blockerFingerprint: blockerFingerprint,
+        evidenceHash: evidenceHash,
+        sameFailureCount: sameFailureCount,
+        pingPongCount: pingPongCount,
+        newEvidence: newEvidence,
+        materialEvidence: evidenceAssessment.material,
+        evidenceStrength: evidenceAssessment.strength,
+        evidenceSignals: evidenceAssessment.signals,
+        loopBudgetShouldReset: false,
+        productRepairFailure: !infraClasses.has(failureClass) && !ignoredClasses.has(failureClass)
+    };
+    var withPlan = function (action, reason, overrides) {
+        if (overrides === void 0) { overrides = {}; }
+        var merged = __assign(__assign({}, base), overrides);
+        var recoveryPlan = buildResolveIOAIManagerRecoveryPlan({
+            action: action,
+            reason: reason,
+            failureClass: merged.failureClass,
+            lane: current.lane,
+            stepType: current.stepType,
+            blocker: current.blocker || current.summary,
+            sameFailureCount: merged.sameFailureCount,
+            pingPongCount: merged.pingPongCount,
+            newEvidence: merged.newEvidence,
+            productRepairFailure: merged.productRepairFailure,
+            changedFiles: current.changedFiles,
+            artifactPaths: current.artifactPaths,
+            maxSameFailureRepeats: maxSameFailureRepeats
+        });
+        var recoveryCheckpoint = buildResolveIOAIManagerRecoveryCheckpoint({
+            plan: recoveryPlan,
+            current: current
+        });
+        var recoveryEvidenceProbe = buildResolveIOAIManagerRecoveryEvidenceProbe({
+            checkpoint: recoveryCheckpoint,
+            current: current
+        });
+        return __assign(__assign({}, merged), { action: action, reason: reason, recoveryPlan: recoveryPlan, recoveryCheckpoint: recoveryCheckpoint, recoveryEvidenceProbe: recoveryEvidenceProbe, recoveryAction: buildResolveIOAIManagerRecoveryActionPacket({
+                plan: recoveryPlan,
+                checkpoint: recoveryCheckpoint,
+                probe: recoveryEvidenceProbe,
+                current: current
+            }) });
+    };
+    if (isPassingOutcome(current)) {
+        return withPlan('reset_loop_budget', 'manager_policy_progress_passed', {
+            loopBudgetShouldReset: true,
+            productRepairFailure: false
+        });
+    }
+    if (isManualOutcome(current)) {
+        return withPlan('manual_handoff', 'manager_policy_manual_or_stopped');
+    }
+    if (pingPongCount >= maxPingPongTransitions) {
+        return withPlan('park_ping_pong', 'manager_policy_ping_pong_failure_loop');
+    }
+    if (sameFailureCount >= maxSameFailureRepeats && !evidenceAssessment.material) {
+        return withPlan('park_repeated_failure', newEvidence
+            ? 'manager_policy_same_failure_with_weak_evidence'
+            : 'manager_policy_same_failure_without_new_evidence');
+    }
+    if (infraClasses.has(failureClass)) {
+        return withPlan('retry_infra', 'manager_policy_infra_failure_routes_to_infra_repair', {
+            productRepairFailure: false
+        });
+    }
+    if (newEvidence || !previousSameFailure) {
+        if (newEvidence && !evidenceAssessment.material) {
+            return withPlan('continue', 'manager_policy_weak_evidence_does_not_reset_loop_budget');
+        }
+        return withPlan('continue', newEvidence
+            ? 'manager_policy_new_material_evidence_resets_loop_budget'
+            : 'manager_policy_new_failure_or_lane', {
+            loopBudgetShouldReset: true,
+            materialEvidence: newEvidence ? true : base.materialEvidence,
+            evidenceStrength: newEvidence ? evidenceAssessment.strength : base.evidenceStrength
+        });
+    }
+    return withPlan('continue', 'manager_policy_retry_below_repeat_limit');
+}
+function buildReplayDirectiveFromPlan(input) {
+    var checkpoint = buildResolveIOAIManagerRecoveryCheckpoint({
+        plan: input.plan,
+        current: input.current,
+        now: input.now
+    });
+    var probe = buildResolveIOAIManagerRecoveryEvidenceProbe({
+        checkpoint: checkpoint,
+        current: input.current,
+        now: input.now
+    });
+    var action = buildResolveIOAIManagerRecoveryActionPacket({
+        plan: input.plan,
+        checkpoint: checkpoint,
+        probe: probe,
+        current: input.current,
+        now: input.now
+    });
+    var dispatch = decideResolveIOAIManagerRecoveryActionDispatch({
+        action: action,
+        current: input.current,
+        now: input.now
+    });
+    return buildResolveIOAIManagerRecoveryExecutionDirective({
+        action: action,
+        dispatchDecision: dispatch,
+        current: input.current,
+        surface: input.surface,
+        now: input.now
+    });
+}
+function replayCaseFromDirective(input) {
+    var _a;
+    var directive = input.directive;
+    var safeAutoDispatch = isResolveIOAIManagerSafeAutoDispatch({
+        dispatchAction: directive.dispatchAction,
+        directive: directive,
+        includeJourneyContractRepair: input.expectedSafeAutoDispatch && directive.dispatchAction === 'run_journey_contract_repair',
+        includeReleaseRepair: input.expectedSafeAutoDispatch && directive.dispatchAction === 'run_release_repair',
+        includeProductRepair: false
+    });
+    return __assign(__assign({ caseId: input.caseId, surface: input.surface, pass: input.pass && safeAutoDispatch === input.expectedSafeAutoDispatch, action: input.action, reason: input.reason, recoveryClass: cleanText(((_a = directive.dispatchRecord) === null || _a === void 0 ? void 0 : _a.mode) || directive.phase, 120), dispatchAction: directive.dispatchAction, safeAutoDispatch: safeAutoDispatch, expectedSafeAutoDispatch: input.expectedSafeAutoDispatch, productRepairAllowed: directive.canRunProductRepair === true, loopBudgetShouldReset: input.loopBudgetShouldReset === true, materialEvidence: input.materialEvidence === true, evidenceStrength: input.evidenceStrength || 'none' }, (directive.releasePolicy ? {
+        hotfixFirst: directive.releasePolicy.policy === 'hotfix_first',
+        fullDeployAllowed: directive.releasePolicy.fullDeployAllowed
+    } : {})), { details: __assign({ phase: directive.phase, allowed: directive.allowed, reason: directive.reason, releasePolicy: directive.releasePolicy }, (input.details || {})) });
+}
+function buildResolveIOAIManagerRecoveryReplayMatrix(input) {
+    var _a, _b;
+    if (input === void 0) { input = {}; }
+    var surface = cleanText(input.surface || 'runner', 120);
+    var maxSameFailureRepeats = Math.max(1, Number(input.maxSameFailureRepeats || 2) || 2);
+    var includeReleaseRepair = input.includeReleaseRepair !== false;
+    var includeJourneyContractRepair = input.includeJourneyContractRepair !== false;
+    var cases = [];
+    var infraPolicy = decideResolveIOAIManagerPolicy({
+        history: [
+            { lane: 'qa', stepType: 'workflow_qa', outcome: 'needs_repair', failureClass: 'infra', blocker: 'Chrome executable missing.', evidenceHash: 'chrome-missing' }
+        ],
+        current: { lane: 'qa', stepType: 'workflow_qa', outcome: 'needs_repair', failureClass: 'infra', blocker: 'Chrome executable missing.', evidenceHash: 'chrome-missing' },
+        maxSameFailureRepeats: maxSameFailureRepeats
+    });
+    var infraDirective = buildResolveIOAIManagerRecoveryExecutionDirective({
+        action: infraPolicy.recoveryAction,
+        current: { lane: 'qa', stepType: 'workflow_qa', outcome: 'needs_repair', failureClass: 'infra', blocker: 'Chrome executable missing.', evidenceHash: 'chrome-missing' },
+        surface: surface
+    });
+    cases.push(replayCaseFromDirective({
+        caseId: 'infra_routes_to_infra_repair',
+        surface: surface,
+        action: infraPolicy.action,
+        reason: infraPolicy.reason,
+        directive: infraDirective,
+        expectedSafeAutoDispatch: true,
+        pass: infraPolicy.action === 'retry_infra'
+            && infraPolicy.recoveryPlan.recoveryClass === 'infra_repair'
+            && infraDirective.dispatchAction === 'run_infra_repair'
+            && infraDirective.canRunProductRepair === false,
+        details: { recoveryClass: infraPolicy.recoveryPlan.recoveryClass }
+    }));
+    var releasePlan = buildResolveIOAIManagerRecoveryPlan({
+        action: 'continue',
+        reason: 'publish failed after business proof',
+        failureClass: 'release',
+        lane: 'publish',
+        stepType: 'test_deploy',
+        blocker: 'Domain publish failed for the current artifact.'
+    });
+    var releaseCurrent = {
+        lane: 'publish',
+        stepType: 'test_deploy',
+        outcome: 'needs_repair',
+        failureClass: 'release',
+        blocker: 'Domain publish failed for the current artifact.',
+        evidenceHash: 'release-domain-publish-failed',
+        artifactPaths: ['runner-evidence/release-status.json']
+    };
+    var releaseDirective = buildReplayDirectiveFromPlan({
+        surface: surface,
+        plan: releasePlan,
+        current: releaseCurrent
+    });
+    cases.push(replayCaseFromDirective({
+        caseId: 'release_uses_hotfix_first_repair',
+        surface: surface,
+        action: 'continue',
+        reason: 'publish failed after business proof',
+        directive: releaseDirective,
+        expectedSafeAutoDispatch: includeReleaseRepair,
+        pass: releasePlan.recoveryClass === 'release_repair'
+            && releaseDirective.dispatchAction === 'run_release_repair'
+            && ((_a = releaseDirective.releasePolicy) === null || _a === void 0 ? void 0 : _a.policy) === 'hotfix_first'
+            && ((_b = releaseDirective.releasePolicy) === null || _b === void 0 ? void 0 : _b.fullDeployAllowed) === false
+            && releaseDirective.canRunProductRepair === false,
+        details: { recoveryClass: releasePlan.recoveryClass }
+    }));
+    var journeyPlan = buildResolveIOAIManagerRecoveryPlan({
+        action: 'continue',
+        reason: 'journey contract missing first next last',
+        failureClass: 'journey',
+        lane: 'plan',
+        stepType: 'journey_contract',
+        blocker: 'Journey contract does not map the hub CTA to an action.'
+    });
+    var journeyDirective = buildReplayDirectiveFromPlan({
+        surface: surface,
+        plan: journeyPlan,
+        current: {
+            lane: 'plan',
+            stepType: 'journey_contract',
+            outcome: 'needs_repair',
+            failureClass: 'journey',
+            blocker: 'Journey contract does not map the hub CTA to an action.',
+            evidenceHash: 'journey-contract-invalid'
+        }
+    });
+    cases.push(replayCaseFromDirective({
+        caseId: 'journey_repair_is_safe_only_for_aicoder_surfaces',
+        surface: surface,
+        action: 'continue',
+        reason: 'journey contract missing first next last',
+        directive: journeyDirective,
+        expectedSafeAutoDispatch: includeJourneyContractRepair,
+        pass: journeyPlan.recoveryClass === 'journey_contract_repair'
+            && journeyDirective.dispatchAction === 'run_journey_contract_repair'
+            && journeyDirective.canRunProductRepair === false,
+        details: { recoveryClass: journeyPlan.recoveryClass }
+    }));
+    var weakPolicy = decideResolveIOAIManagerPolicy({
+        history: [
+            { lane: 'repair', stepType: 'repair', outcome: 'needs_repair', failureClass: 'product_code', blocker: 'Save action still throws TypeError.', evidenceHash: 'save-before' },
+            { lane: 'repair', stepType: 'repair', outcome: 'needs_repair', failureClass: 'product_code', blocker: 'Save action still throws TypeError.', evidenceHash: 'renamed-hash-only' }
+        ],
+        current: { lane: 'repair', stepType: 'repair', outcome: 'needs_repair', failureClass: 'product_code', blocker: 'Save action still throws TypeError.', evidenceHash: 'renamed-hash-only' },
+        maxSameFailureRepeats: maxSameFailureRepeats
+    });
+    var weakDirective = buildResolveIOAIManagerRecoveryExecutionDirective({
+        action: weakPolicy.recoveryAction,
+        current: { lane: 'repair', stepType: 'repair', outcome: 'needs_repair', failureClass: 'product_code', blocker: 'Save action still throws TypeError.', evidenceHash: 'renamed-hash-only' },
+        surface: surface
+    });
+    cases.push(replayCaseFromDirective({
+        caseId: 'weak_hash_only_evidence_stays_parked',
+        surface: surface,
+        action: weakPolicy.action,
+        reason: weakPolicy.reason,
+        directive: weakDirective,
+        expectedSafeAutoDispatch: true,
+        pass: weakPolicy.action === 'park_repeated_failure'
+            && weakPolicy.materialEvidence === false
+            && weakPolicy.loopBudgetShouldReset === false
+            && weakDirective.dispatchAction === 'run_evidence_probe',
+        loopBudgetShouldReset: weakPolicy.loopBudgetShouldReset,
+        materialEvidence: weakPolicy.materialEvidence,
+        evidenceStrength: weakPolicy.evidenceStrength,
+        details: { evidenceSignals: weakPolicy.evidenceSignals }
+    }));
+    var materialPolicy = decideResolveIOAIManagerPolicy({
+        history: [
+            { lane: 'repair', stepType: 'repair', outcome: 'needs_repair', failureClass: 'product_code', blocker: 'Save action still throws TypeError.', evidenceHash: 'save-before', artifactPaths: ['qa/save-before.log'] },
+            {
+                lane: 'repair',
+                stepType: 'repair',
+                outcome: 'needs_repair',
+                failureClass: 'product_code',
+                blocker: 'Save action still throws TypeError.',
+                summary: 'New DOM trace proves the click reaches the method with an undefined id.',
+                evidenceHash: 'save-dom-trace',
+                artifactPaths: ['qa/save-before.log', 'qa/save-dom-trace.json']
+            }
+        ],
+        current: {
+            lane: 'repair',
+            stepType: 'repair',
+            outcome: 'needs_repair',
+            failureClass: 'product_code',
+            blocker: 'Save action still throws TypeError.',
+            summary: 'New DOM trace proves the click reaches the method with an undefined id.',
+            evidenceHash: 'save-dom-trace',
+            artifactPaths: ['qa/save-before.log', 'qa/save-dom-trace.json']
+        },
+        maxSameFailureRepeats: maxSameFailureRepeats
+    });
+    cases.push({
+        caseId: 'material_evidence_resets_loop_budget',
+        surface: surface,
+        pass: materialPolicy.action === 'continue'
+            && materialPolicy.materialEvidence === true
+            && materialPolicy.loopBudgetShouldReset === true,
+        action: materialPolicy.action,
+        reason: materialPolicy.reason,
+        recoveryClass: materialPolicy.recoveryPlan.recoveryClass,
+        dispatchAction: materialPolicy.recoveryAction.mode,
+        safeAutoDispatch: false,
+        expectedSafeAutoDispatch: false,
+        productRepairAllowed: materialPolicy.recoveryAction.productRepairAllowed,
+        loopBudgetShouldReset: materialPolicy.loopBudgetShouldReset,
+        materialEvidence: materialPolicy.materialEvidence,
+        evidenceStrength: materialPolicy.evidenceStrength,
+        details: { evidenceSignals: materialPolicy.evidenceSignals }
+    });
+    var productPlan = buildResolveIOAIManagerRecoveryPlan({
+        action: 'continue',
+        reason: 'business proof still failing',
+        failureClass: 'product_code',
+        lane: 'repair',
+        stepType: 'repair',
+        blocker: 'Save action still throws TypeError.',
+        productRepairFailure: true
+    });
+    var productDirective = buildReplayDirectiveFromPlan({
+        surface: surface,
+        plan: productPlan,
+        current: {
+            lane: 'repair',
+            stepType: 'repair',
+            outcome: 'needs_repair',
+            failureClass: 'product_code',
+            blocker: 'Save action still throws TypeError.',
+            evidenceHash: 'save-product-repair'
+        }
+    });
+    var productSafe = isResolveIOAIManagerSafeAutoDispatch({
+        dispatchAction: productDirective.dispatchAction,
+        directive: productDirective,
+        includeProductRepair: input.includeProductRepair === true
+    });
+    cases.push({
+        caseId: 'product_repair_requires_explicit_operator_policy',
+        surface: surface,
+        pass: productPlan.recoveryClass === 'product_code_repair'
+            && productDirective.dispatchAction === 'run_targeted_product_repair'
+            && productSafe === false,
+        action: 'continue',
+        reason: 'business proof still failing',
+        recoveryClass: productPlan.recoveryClass,
+        dispatchAction: productDirective.dispatchAction,
+        safeAutoDispatch: productSafe,
+        expectedSafeAutoDispatch: false,
+        productRepairAllowed: productDirective.canRunProductRepair,
+        loopBudgetShouldReset: false,
+        materialEvidence: false,
+        evidenceStrength: 'none',
+        details: { phase: productDirective.phase, allowed: productDirective.allowed }
+    });
+    var duplicateReleasePolicy = buildResolveIOAIManagerHotfixFirstReleasePolicy({
+        surface: surface,
+        deployFingerprint: "".concat(surface, "-artifact-sha"),
+        lastDeployFingerprint: "".concat(surface, "-artifact-sha"),
+        deployStatus: 'completed',
+        publishStatus: 'published'
+    });
+    cases.push({
+        caseId: 'duplicate_release_fingerprint_blocks_full_deploy',
+        surface: surface,
+        pass: duplicateReleasePolicy.recommendedAction === 'block_duplicate_deploy'
+            && duplicateReleasePolicy.duplicateDeployBlocked === true
+            && duplicateReleasePolicy.fullDeployAllowed === false,
+        action: duplicateReleasePolicy.recommendedAction,
+        reason: duplicateReleasePolicy.reason,
+        recoveryClass: 'release_repair',
+        dispatchAction: 'run_release_repair',
+        safeAutoDispatch: includeReleaseRepair,
+        expectedSafeAutoDispatch: includeReleaseRepair,
+        productRepairAllowed: false,
+        loopBudgetShouldReset: false,
+        materialEvidence: false,
+        evidenceStrength: 'none',
+        hotfixFirst: true,
+        fullDeployAllowed: duplicateReleasePolicy.fullDeployAllowed,
+        details: { releasePolicy: duplicateReleasePolicy }
+    });
+    return cases;
+}
+
+//# sourceMappingURL=ai-runner-manager-policy.js.map