npm - @roadmapperai/mcp - Versions diffs - 0.9.1 → 0.9.4 - Mend

@roadmapperai/mcp 0.9.1 → 0.9.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/server.mjs CHANGED Viewed

@@ -326,6 +326,13 @@ async function fetchWorkspaceEntitiesViaBroker() {
       pillars: Array.isArray(parsed.pillars) ? parsed.pillars : [],
       capabilities: Array.isArray(parsed.capabilities) ? parsed.capabilities : [],
       tasks: Array.isArray(parsed.tasks) ? parsed.tasks : [],
+      // Additive (migration 0108): the workspace_settings row, used to
+      // resolve agent_theme_autonomy. Absent on older backends → null,
+      // which the projection treats as "all defaults" (autonomy on).
+      settings:
+        parsed.settings && typeof parsed.settings === "object"
+          ? parsed.settings
+          : null,
     };
   } catch {
     return null;
@@ -587,6 +594,9 @@ function __setSnapshotWorkspaceForTest(value) {
 let _clientRoots = []; // array of absolute dir paths from the client
 let _rootWorkspace = undefined; // undefined=unresolved, null=resolved-but-none, string=workspaceId
 let _rootWorkspaceRepo = null; // the owner/repo that resolved (for diagnostics)
+let _rootWorkspaceMatches = []; // [{ ws, slug }] for EVERY mapped open root — kept
+// (not just the first) so get_active_workspace can report the ambiguous case
+// instead of silently committing to matches[0].
 let _clientSupportsRoots = false; // set from initialize params.capabilities.roots
 const ROOTS_LIST_REQUEST_ID = "roadmapper-roots-list"; // our id for the roots/list request we send
@@ -612,6 +622,7 @@ function setClientRoots(roots) {
   // Invalidate the cached resolution so the next access re-derives it.
   _rootWorkspace = undefined;
   _rootWorkspaceRepo = null;
+  _rootWorkspaceMatches = [];
 }
 /**
@@ -619,7 +630,21 @@ function setClientRoots(roots) {
  * to find the repo root implicitly via `git -C <dir>`. Returns null if
  * the dir isn't a git repo, has no origin, or git isn't available.
  */
+// Test seam: when set, repoSlugForDir returns this without shelling out
+// to git. Lets the selftest exercise link_repo deterministically (the
+// git call is environment-dependent and slow). Map of dir → slug, or a
+// bare string applied to any dir. null/undefined = real git resolution.
+let _repoSlugOverride = undefined;
+function __setRepoSlugForTest(v) {
+  _repoSlugOverride = v;
+}
 async function repoSlugForDir(dir) {
+  if (_repoSlugOverride !== undefined) {
+    return typeof _repoSlugOverride === "string"
+      ? _repoSlugOverride
+      : (_repoSlugOverride && _repoSlugOverride[dir]) || null;
+  }
   try {
     // Async so a slow/hanging git call never blocks the stdin event loop
     // (this runs while handling the client's roots/list reply). 2s cap.
@@ -698,6 +723,7 @@ async function resolveRootWorkspace() {
         `Pass workspaceId explicitly on calls to target a specific one.`
     );
   }
+  _rootWorkspaceMatches = matches;
   if (matches.length > 0) {
     _rootWorkspace = matches[0].ws;
     _rootWorkspaceRepo = matches[0].slug;
@@ -708,6 +734,24 @@ async function resolveRootWorkspace() {
   return null;
 }
+/**
+ * Distinct workspaces the currently-open roots map to, as
+ * `[{ workspaceId, repo }]`. Length > 1 means the resolution is
+ * ambiguous (two mapped repos open at once) and the caller picked the
+ * first — get_active_workspace surfaces this so the agent can pass an
+ * explicit workspaceId instead of trusting the silent first-match.
+ */
+function rootWorkspaceCandidates() {
+  const seen = new Set();
+  const out = [];
+  for (const m of _rootWorkspaceMatches) {
+    if (seen.has(m.ws)) continue;
+    seen.add(m.ws);
+    out.push({ workspaceId: m.ws, repo: m.slug });
+  }
+  return out;
+}
 /** Cached root-derived workspace id (sync read). null if none/unresolved. */
 function rootWorkspaceId() {
   return _rootWorkspace ?? null;
@@ -715,9 +759,11 @@ function rootWorkspaceId() {
 // Test hook: seed the root-resolution cache without touching the client
 // protocol or the network.
-function __setRootWorkspaceForTest(id, repo = null) {
+function __setRootWorkspaceForTest(id, repo = null, matches = null) {
   _rootWorkspace = id;
   _rootWorkspaceRepo = repo;
+  _rootWorkspaceMatches =
+    matches ?? (id ? [{ ws: id, slug: repo }] : []);
 }
 /**
@@ -814,6 +860,7 @@ async function readWorkspaceProjected(wsIdOverride) {
         themes: ent.pillars.map(rowToThemeProjected),
         capabilities: ent.capabilities.map(rowToCapabilityProjected),
         tasks: ent.tasks.map(rowToTaskProjected),
+        settings: rowToSettingsProjected(ent.settings),
       };
     }
     // Broker failed — fall through to the direct read below. On a pure
@@ -837,15 +884,22 @@ async function readWorkspaceProjected(wsIdOverride) {
     return res.json();
   };
   try {
-    const [pillars, caps, tasks] = await Promise.all([
+    const [pillars, caps, tasks, settingsRows] = await Promise.all([
       fetchTable("pillars?select=*"),
       fetchTable("capabilities?select=*"),
       fetchTable("tasks?select=*"),
+      // Operator path: workspace_settings is one row per workspace.
+      // Tolerate the table not existing on an older DB (404) — fall
+      // back to defaults rather than failing the whole read.
+      fetchTable("workspace_settings?select=*").catch(() => []),
     ]);
     return {
       themes: pillars.map(rowToThemeProjected),
       capabilities: caps.map(rowToCapabilityProjected),
       tasks: tasks.map(rowToTaskProjected),
+      settings: rowToSettingsProjected(
+        Array.isArray(settingsRows) ? settingsRows[0] : settingsRows
+      ),
     };
   } catch (e) {
     log("supabase entity read failed:", e.message);
@@ -857,6 +911,20 @@ async function readWorkspaceProjected(wsIdOverride) {
  *  the same camelCase keys the SPA + agent surfaces have always
  *  used; the legacy JSONB shape and these table rows agree on
  *  every field. */
+/**
+ * Project a workspace_settings row to the camelCase shape the server
+ * reads. Tolerant of null / {} (no row yet, or an older backend that
+ * doesn't return settings): every flag falls back to its product
+ * default. agent_theme_autonomy defaults TRUE — agents create themes
+ * autonomously unless a workspace explicitly turns it off.
+ */
+function rowToSettingsProjected(r) {
+  const row = r && typeof r === "object" ? r : {};
+  return {
+    // Default true: missing column / row / backend all mean "on".
+    agentThemeAutonomy: row.agent_theme_autonomy !== false,
+  };
+}
 function rowToThemeProjected(r) {
   return stripUndefined({
     id: r.id,
@@ -1042,13 +1110,29 @@ function compactResult(obj) {
  * concurrent agent writes safe — see migration 0006 for the
  * function bodies.
  */
+// A few write tools forward to a differently-named SECURITY DEFINER RPC
+// (the *_for_api_key convention). The broker has the matching map
+// (WRITE_RPC_ALIASES); we mirror it here so the operator path (direct
+// PostgREST, no broker) hits the same function name. Tools not listed
+// forward to an RPC of the same name (the common case).
+const RPC_ALIASES = {
+  link_repo: "link_repo_for_api_key",
+};
 async function rpcCall(fn, body) {
   const { url, writeKey, apiKey, brokerUrl } = supabaseConfig();
-  // body must already carry p_workspace_id — the per-tool resolver
-  // injects it before calling rpcCall so the override path works.
-  if (!url || !body?.p_workspace_id) {
+  if (!url) {
+    throw new Error("Write tools require ROADMAPPER_BACKEND_URL in env.");
+  }
+  // The body must carry p_workspace_id EXCEPT on the broker path, where
+  // the broker injects the validated workspace from the rmpr_ key (see
+  // link_repo, which deliberately omits it so the key's workspace wins
+  // rather than tripping the broker's cross-workspace guard). On the
+  // operator path there's no broker to supply it, so it's required.
+  const onBrokerPath = Boolean(apiKey && brokerUrl);
+  if (!onBrokerPath && !body?.p_workspace_id) {
     throw new Error(
-      "Write tools require ROADMAPPER_BACKEND_URL in env and a resolvable workspaceId (either ROADMAPPER_WORKSPACE_ID env or workspaceId arg)."
+      "Write tools require a resolvable workspaceId (either ROADMAPPER_WORKSPACE_ID env or workspaceId arg)."
     );
   }
@@ -1085,7 +1169,10 @@ async function rpcCall(fn, body) {
       "Write tools require either ROADMAPPER_API_KEY (customer path) or ROADMAPPER_ADMIN_KEY (operator path)."
     );
   }
-  const res = await fetch(`${url}/rest/v1/rpc/${fn}`, {
+  // Resolve the alias for the direct PostgREST call (the broker does this
+  // server-side for the customer path; the operator path goes direct).
+  const rpcName = RPC_ALIASES[fn] ?? fn;
+  const res = await fetch(`${url}/rest/v1/rpc/${rpcName}`, {
     method: "POST",
     headers: {
       apikey: writeKey,
@@ -1098,7 +1185,7 @@ async function rpcCall(fn, body) {
   if (!res.ok) {
     const txt = await res.text();
     throw new Error(
-      `rpc ${fn} failed: ${res.status} ${txt.slice(0, 300)}`
+      `rpc ${rpcName} failed: ${res.status} ${txt.slice(0, 300)}`
     );
   }
   return res.json();
@@ -1338,6 +1425,27 @@ function jaccardScore(a, b) {
   return overlap / Math.max(a.size, b.size);
 }
+// ── Theme sprawl control ──────────────────────────────────────────
+//
+// With agent_theme_autonomy ON (the default), the old "stop and ask a
+// human before any new theme" guard is gone — so the sprawl guard has
+// to live server-side instead. A proposed theme whose name+description
+// overlaps an existing active theme at or above this bar is almost
+// certainly a near-duplicate ("Data Intelligence" vs "Data &
+// Intelligence"); propose_theme refuses it and points at the match so
+// the agent reuses/updates that theme instead of minting a sibling.
+// Set deliberately high: themes are coarse, so only a strong overlap
+// is a real duplicate. 0.6 blocks name-containment dups ("Data
+// Intelligence" ⊂ "Data Intelligence Platform" = 0.67) without
+// false-positiving on two distinct short themes that happen to share
+// ONE word ("Customer Loyalty" vs "Customer Retention" = 0.5 < 0.6).
+// force:true overrides for the rare legitimate case.
+const THEME_SPRAWL_BLOCK = 0.6;
+// Two existing themes overlapping at/above this are flagged as a
+// consolidation candidate by detect_theme_sprawl (lower than the block
+// bar — we want to surface drift before it's an exact dup).
+const THEME_SPRAWL_WARN = 0.34;
 // ── Session state + enforcement gates ─────────────────────────────
 //
 // One process serves one MCP client (stdio). State below is the
@@ -1427,6 +1535,88 @@ function discoveryMissingResult(toolName, fixCall, rationale) {
   };
 }
+/**
+ * Block result for a mutator whose target workspace fell through to the
+ * install's env default WHILE the agent is sitting in a git repo that
+ * isn't mapped to any workspace. Same shape + self-heal rationale as the
+ * rubric gate: name the exact fix so the LLM links the repo, then retries.
+ *
+ * Why this is repo-aware, not session-aware — a developer routinely has
+ * SEVERAL repos open in one chat. The gate must only fire for the specific
+ * unmapped repo, and must never brick a legitimate cross-repo write:
+ *   • An explicit `workspaceId` arg → caller is intentionally targeting a
+ *     workspace; never blocked (checked before this is reached).
+ *   • source === "repo"/"snapshot"/"arg" → already resolved to a real
+ *     mapping; this only fires on "env" (the silent install-default
+ *     fall-through), which — because resolveWorkspaceWithSource prefers a
+ *     repo_workspace_map hit — means THIS repo genuinely isn't mapped.
+ *   • No git slug (not in a repo) → nothing to link; fall through to the
+ *     env default rather than deadlock.
+ * The message offers BOTH escape hatches so a multi-repo chat is never
+ * stuck: link_repo (map this repo) OR pass workspaceId (target an existing
+ * workspace without mapping the repo at all).
+ */
+function repoUnmappedResult(toolName, slug, envWsId) {
+  return {
+    content: [
+      {
+        type: "text",
+        text: JSON.stringify(
+          {
+            error: "repo_unmapped",
+            message:
+              `"${slug}" isn't mapped to a workspace, so ${toolName} would land on the install-default workspace "${envWsId}" — probably not what you want. ` +
+              `Map it once with link_repo (this repo → your key's workspace, resolves silently forever after), then retry ${toolName}. ` +
+              `Or, if you meant a specific existing workspace, pass workspaceId on the call and it proceeds without mapping the repo.`,
+            repo: slug,
+            envDefaultWorkspace: envWsId,
+            fix: "link_repo()",
+            alt: `${toolName}({ workspaceId: "<target>", ... })`,
+          },
+          null,
+          2
+        ),
+      },
+    ],
+    isError: true,
+  };
+}
+/**
+ * Decide whether a mutator should be blocked because the agent is in an
+ * unmapped repo and the write would silently hit the env default. Returns
+ * a block result, or null to proceed. Pure + sync (no network) so it's
+ * cheap on every mutator: the per-repo "is it mapped" question was already
+ * answered by resolveWorkspaceWithSource (a mapped repo resolves to
+ * source "repo", never "env"), so we only need the cwd's git slug here.
+ *
+ * Escape hatches, in order:
+ *   1. Explicit workspaceId arg → intentional target, allow.
+ *   2. Writes disabled → not our concern (set_credentials path handles it).
+ *   3. Source isn't "env" → already resolved to a real mapping, allow.
+ *   4. No client roots / no git slug → not in a linkable repo, allow
+ *      (fall through to env default; blocking would deadlock).
+ *   5. Bypass env var set → allow (operator opt-out).
+ */
+async function repoLinkGate(name, args, source, envWsId) {
+  if (args?.workspaceId) return null; // explicit target — never block
+  if (writeMode() === "read-only") return null; // different problem
+  if (source !== "env") return null; // resolved via repo/snapshot/arg
+  if (process.env.ROADMAPPER_ALLOW_UNMAPPED_REPO === "1") return null;
+  if (_clientRoots.length === 0) return null; // not in a repo at all
+  // Find the first open root with a resolvable origin slug. If none, the
+  // agent isn't in a linkable git repo — don't block (let env default win).
+  let slug = null;
+  for (const dir of _clientRoots) {
+    slug = await repoSlugForDir(dir);
+    if (slug) break;
+  }
+  if (!slug) return null;
+  return repoUnmappedResult(name, slug, envWsId);
+}
 /**
  * Telemetry write — fire-and-forget POST to public.mcp_telemetry
  * via PostgREST when a service-role key is set. Never blocks the
@@ -1637,7 +1827,8 @@ const TOOLS = [
   {
     name: "get_active_workspace",
     description:
-      "Report the workspace this server will act on RIGHT NOW and HOW it was resolved — arg / .roadmapper snapshot / env default — plus whether writes are enabled and via which path (broker vs operator). Cheap: no roadmap data, no DB read.\n\n" +
+      "Report the workspace this server will act on RIGHT NOW and HOW it was resolved — arg / repo (git origin → repo_workspace_map) / .roadmapper snapshot / env default — plus whether writes are enabled and via which path (broker vs operator). Cheap: no roadmap data, no DB read.\n\n" +
+      "RETURNS a `status` (resolved | ambiguous | env_default | unresolved), `writesEnabled`, and a `next` action object (or null). Act only on status \"resolved\"; for any other status `next` carries the exact step to fix it (and `candidates` when a pick is needed) — surface it to the user as a one-tap choice rather than guessing.\n" +
       "USE WHEN: you're unsure which workspace is active; before the FIRST mutating call in a session; after changing directories. Especially important when the agent was launched outside a connected repo checkout, where the env default (often the seed workspace) silently wins.\n" +
       "PREREQUISITE: none — read-only.\n" +
       "ANTI-PATTERN: don't use it to inspect roadmap contents — that's get_roadmap_snapshot. This only answers 'where am I pointed'.\n" +
@@ -1654,6 +1845,21 @@ const TOOLS = [
       additionalProperties: false,
     },
   },
+  {
+    name: "link_repo",
+    description:
+      "Persist a mapping from the CURRENT git repo to your workspace, so future sessions in this repo resolve the workspace silently (no env default, no workspaceId arg). Your API key already pins ONE workspace, so this is a one-tap confirm — it links whatever repo you're in to that workspace.\n\n" +
+      "USE WHEN: get_active_workspace returns status \"env_default\" or \"unresolved\" while you ARE in a git repo, and you want writes to land in the right workspace going forward. This is the `next.onChoice` action those statuses point at.\n" +
+      "PREREQUISITE: the client must have shared a root (workspace folder) whose git origin resolves to an owner/name slug, and write auth must be configured (ROADMAPPER_API_KEY or operator key). The repo slug is derived server-side from your roots — you do NOT pass it.\n" +
+      "ANTI-PATTERN: don't call to switch an already-resolved workspace (it can't — your key pins one workspace); don't call outside a git repo (returns an actionable error). If the repo is already mapped to a DIFFERENT workspace, the call returns a conflict rather than stealing it.\n" +
+      "RETURNS status \"linked\" (mapping saved; resolution re-runs so the next call resolves from it), \"conflict\" (repo already maps elsewhere — surfaces the existing workspace), or an error result (no repo / no auth).\n" +
+      "EXAMPLE: link_repo()",
+    inputSchema: {
+      type: "object",
+      properties: {},
+      additionalProperties: false,
+    },
+  },
   {
     name: "propose_task",
     description:
@@ -1694,13 +1900,70 @@ const TOOLS = [
       additionalProperties: false,
     },
   },
+  {
+    name: "propose_tasks",
+    description:
+      "Bulk-create MANY tasks under ONE capability in a single call. Token-efficient: prefer this over N separate propose_task calls when filing a plan — one request, one compact {id,title} array back instead of N round trips. When write tools are live, file directly via this tool; do NOT also paste the full JSON plan into chat (that pays for the plan twice).\n\n" +
+      "USE WHEN: decomposing a capability into its 3-8 tasks, or importing a planned backlog. All tasks share the one capabilityId.\n" +
+      "PREREQUISITE: get_agents_md once this session (enforced). The capability must already exist — propose_capability first if needed.\n" +
+      "INTRA-BATCH DEPENDENCIES: give a task a `ref` (any alias string) and reference it in another task's `dependsOn` — refs are rewritten to the real TK ids after minting. dependsOn entries that aren't a sibling ref pass through as literal existing TK ids.\n" +
+      "PARTIAL SUCCESS: a structural/validation error in any row fails the whole call before writing (fix the batch). Once validated, per-row RPC failures are reported in tasks[].error without sinking the rest.\n" +
+      "ANTI-PATTERN: don't use for a single task (use propose_task); don't spread one capability's tasks across multiple capabilities (call once per capability).\n" +
+      "EXAMPLE: propose_tasks({ capabilityId: 'CAP-018', tasks: [{ ref: 'a', title: 'Schema + migration', effort: 'M' }, { title: 'API endpoint', effort: 'M', dependsOn: ['a'] }] })\n\n" +
+      "Requires write auth (set ROADMAPPER_API_KEY). Pass dryRun:true to validate + preview ids without writing. Pass workspaceId to target a workspace other than the env default.",
+    inputSchema: {
+      type: "object",
+      properties: {
+        capabilityId: { type: "string" },
+        tasks: {
+          type: "array",
+          minItems: 1,
+          maxItems: 100,
+          description: "Task specs. Each needs title + effort; everything else is optional.",
+          items: {
+            type: "object",
+            properties: {
+              ref: {
+                type: "string",
+                description:
+                  "Optional caller alias for intra-batch dependsOn references. Not stored.",
+              },
+              title: { type: "string" },
+              summary: { type: "string" },
+              effort: { type: "string", enum: ["XS", "S", "M", "L", "XL"] },
+              kind: { type: "string", enum: ["feature", "bug", "chore", "spike"] },
+              priority: { type: "string", enum: ["P0", "P1", "P2", "P3"] },
+              acceptance: { type: "array", items: { type: "string" } },
+              dependsOn: {
+                type: "array",
+                items: { type: "string" },
+                description:
+                  "Sibling refs (rewritten to real ids) and/or existing TK-NNNNNN ids.",
+              },
+              owner: { type: "string" },
+              expectedPRs: { type: "number" },
+              expectedScope: { type: "number" },
+              idempotencyKey: { type: "string" },
+            },
+            required: ["title", "effort"],
+            additionalProperties: false,
+          },
+        },
+        dryRun: { type: "boolean" },
+        workspaceId: { type: "string" },
+      },
+      required: ["capabilityId", "tasks"],
+      additionalProperties: false,
+    },
+  },
   {
     name: "propose_theme",
     description:
-      "Propose a new strategic theme (pillar). Themes are years-stable — only propose one when nothing existing fits.\n\n" +
-      "USE WHEN: the work the user is describing genuinely doesn't fit ANY existing theme, AND the user explicitly says they want a new strategic direction. Almost never the right answer in a planning session.\n" +
-      "PREREQUISITE: get_agents_md once this session (enforced). Theme discovery once this session, satisfied by suggest_theme_for (preferred — returns ranked matches with a fit signal), list_themes, or get_roadmap_snapshot. Enforced — the server returns discovery_missing with a fix field if you skip it. Duplicating a theme is the most common failure mode; the gate stops it.\n" +
-      "ANTI-PATTERN: do not call to organize a quarter of work — that's a capability, not a theme. Do not call because the existing themes feel too coarse — they're SUPPOSED to be coarse. Use propose_capability under an existing theme instead.\n" +
+      "Propose a new strategic theme (pillar). Themes are years-stable, coarse pillars — the small top tier of the tree.\n\n" +
+      "AUTONOMY: by default (agent_theme_autonomy ON) you may create a theme without human confirmation when the work genuinely needs a new pillar. The server controls sprawl for you — it REFUSES a near-duplicate of an existing theme (returns error:\"too_similar\" naming the match) so you reuse/update that one instead. If a workspace turned autonomy OFF, propose_theme returns error:\"confirmation_required\" until you surface the theme to the user and retry with confirm:true.\n" +
+      "USE WHEN: the work doesn't fit any existing theme AND represents a distinct multi-year strategic direction. Most planning needs a capability under an existing theme, not a new theme.\n" +
+      "PREREQUISITE: get_agents_md once this session (enforced). Theme discovery once this session, satisfied by suggest_theme_for (preferred — returns ranked matches), list_themes, or get_roadmap_snapshot (enforced — discovery_missing with a fix field otherwise).\n" +
+      "ANTI-PATTERN: do not call to organize a quarter of work — that's a capability. Do not retry with force:true to bypass a too_similar block unless the overlap is a genuine false positive — that's the sprawl guard working.\n" +
       "EXAMPLE: propose_theme({ name: 'AI Agent Reliability', description: 'Multi-year bet on making agent workflows reproducible.', targetRoi: 20000000, idempotencyKey: 'session-1-theme-1' })\n\n" +
       "Requires write auth (set ROADMAPPER_API_KEY). targetRoi is RAW ANNUAL DOLLARS (e.g. 20000000 = $20M), not millions. Pass idempotencyKey so retries don't duplicate. Pass dryRun: true to validate without writing. Pass workspaceId to target a workspace other than the env default.",
     inputSchema: {
@@ -1710,6 +1973,16 @@ const TOOLS = [
         description: { type: "string" },
         color: { type: "string" },
         targetRoi: { type: "number", description: "Annual ROI target in raw dollars (e.g. 20000000 = $20M)." },
+        force: {
+          type: "boolean",
+          description:
+            "Override the too_similar sprawl block. Use ONLY when a flagged overlap with an existing theme is a genuine false positive and this is truly a distinct strategic pillar.",
+        },
+        confirm: {
+          type: "boolean",
+          description:
+            "Set true to proceed when the workspace has agent theme-autonomy turned OFF — your attestation that the user explicitly approved this new theme. Ignored when autonomy is on (the default).",
+        },
         idempotencyKey: { type: "string" },
         dryRun: { type: "boolean" },
         workspaceId: { type: "string" },
@@ -1945,6 +2218,31 @@ const TOOLS = [
       additionalProperties: false,
     },
   },
+  {
+    name: "detect_theme_sprawl",
+    description:
+      "Find pairs/clusters of EXISTING themes that overlap enough to be candidates for consolidation — the 'we have too many near-duplicate pillars' signal. The companion to agent_theme_autonomy: autonomy lets agents create themes freely, this is how you periodically detect and clean up the drift.\n\n" +
+      "How it works: scores every active theme against every other by name+description token overlap, and reports pairs at or above the warn threshold (default 0.34). Each pair comes with the overlap score and a suggested action (merge via move_capabilities + archive_theme).\n" +
+      "USE WHEN: quarterly review, or any time the theme list feels bloated. With autonomy on, run this occasionally to catch sibling themes that should be one.\n" +
+      "PREREQUISITE: none — read-only. Enumerates every theme, so it satisfies the propose_theme discovery gate.\n" +
+      "ANTI-PATTERN: don't auto-merge on a single weak overlap — a human owns theme structure. Tune threshold rather than acting on noise. Two themes CAN legitimately share vocabulary (e.g. 'Data Ingestion' vs 'Data Governance').\n" +
+      "EXAMPLE: detect_theme_sprawl({ threshold: 0.34 })",
+    inputSchema: {
+      type: "object",
+      properties: {
+        threshold: {
+          type: "number",
+          minimum: 0,
+          maximum: 1,
+          description:
+            "Min name+description Jaccard overlap between two themes to flag as a consolidation candidate. Default 0.34. Raise to surface only the most blatant duplicates.",
+        },
+        includeArchived: { type: "boolean" },
+        workspaceId: { type: "string" },
+      },
+      additionalProperties: false,
+    },
+  },
 ];
 /**
@@ -2263,6 +2561,7 @@ function updateLifecycleTools() {
 /** Tools that mutate the workspace — all gated on rubric fetch. */
 const MUTATOR_TOOLS = new Set([
   "propose_task",
+  "propose_tasks",
   "propose_theme",
   "propose_capability",
   "submit_acceptance_grades",
@@ -2296,21 +2595,111 @@ async function callTool(name, args) {
   if (name === "get_active_workspace") {
     const { id, source } = resolveWorkspaceWithSource(args?.workspaceId);
     const { url } = supabaseConfig();
-    let note;
-    if (source === "env") {
-      note =
-        "Resolved from the MCP install's env default — NOT from the current directory. If you meant a specific repo's workspace, launch from that checkout (connected repos carry .roadmapper/snapshot.json) or pass workspaceId explicitly.";
-    } else if (source === "none") {
-      note =
-        "No workspace resolved. Set ROADMAPPER_WORKSPACE_ID in env, run from a connected repo checkout, or pass workspaceId on the call.";
+    const mode = writeMode(); // "broker" | "operator" | "read-only"
+    const candidates = rootWorkspaceCandidates();
+    const ambiguous = source === "repo" && candidates.length > 1;
+    // Map resolution into ONE explicit status. Every state has a defined
+    // outcome and a `next` action the agent can act on directly — no prose
+    // the LLM has to interpret, no state where the answer is "I silently
+    // guessed". This is the contract a caller checks before its first write:
+    // act only on "resolved"; anything else carries the steps to fix it.
+    //   resolved     — arg / repo map / snapshot pinned it; safe to proceed
+    //   ambiguous    — several open repos map to different workspaces
+    //   env_default  — fell through to the install default (the #1 footgun)
+    //   unresolved   — nothing named a workspace at all
+    let status;
+    if (ambiguous) status = "ambiguous";
+    else if (source === "arg" || source === "repo" || source === "snapshot")
+      status = "resolved";
+    else if (source === "env") status = "env_default";
+    else status = "unresolved";
+    // `next`: the single recommended action, machine-shaped so the agent
+    // (or its harness) can turn it into a one-tap prompt. null when nothing
+    // is needed. `prompt` is phrased for a human; `candidates` (when set) is
+    // the pre-resolved pick list so the agent never has to ask open-ended.
+    let next = null;
+    if (status === "ambiguous") {
+      next = {
+        action: "pass_workspace_id",
+        prompt:
+          "Several open repos map to different workspaces. Which one do you mean?",
+        candidates,
+        detail:
+          "Resolution picked the first match. Pass workspaceId explicitly on the call to target a specific workspace.",
+      };
+    } else if (status === "env_default") {
+      next = {
+        action: "confirm_or_relocate",
+        prompt: `Act on the install default workspace "${id}"?`,
+        detail:
+          "Resolved from the MCP install's env default — NOT the current directory. If that's correct, proceed. Otherwise launch from the connected repo checkout (connected repos resolve via git origin → repo_workspace_map, or carry .roadmapper/snapshot.json) or pass workspaceId explicitly.",
+        // If the client shared a git root and writes are enabled, the
+        // agent can persist this repo → workspace in one tap so future
+        // sessions resolve silently (link_repo derives the slug itself).
+        ...(_clientRoots.length > 0 && mode !== "read-only"
+          ? {
+              onChoice: { tool: "link_repo", args: {} },
+              onChoicePrompt: `Link this repo to "${id}" so it resolves automatically next time?`,
+            }
+          : {}),
+      };
+    } else if (status === "unresolved") {
+      next = {
+        action: "configure_workspace",
+        prompt: "No workspace is resolvable. How should I target one?",
+        detail:
+          "Set ROADMAPPER_WORKSPACE_ID in env, run from a connected repo checkout, or pass workspaceId on the call.",
+        ...(_clientRoots.length > 0 && mode !== "read-only"
+          ? {
+              onChoice: { tool: "link_repo", args: {} },
+              onChoicePrompt:
+                "Link the repo you're in to your workspace so it resolves automatically next time?",
+            }
+          : {}),
+      };
+    }
+    // Auth/write gate, reported separately from workspace resolution: a
+    // read-only install can resolve a workspace fine but still can't write.
+    // Surfacing it here lets the agent prompt for credentials BEFORE
+    // attempting a mutator, rather than after it's refused.
+    const writesEnabled = mode !== "read-only";
+    if (!writesEnabled) {
+      next = next ?? {
+        action: "set_credentials",
+        prompt: "Writes are disabled. Connect credentials to enable them?",
+        detail:
+          "Set ROADMAPPER_API_KEY (rmpr_ token from dashboard → Settings → MCP activity) to enable writes through the broker. The key pins exactly one workspace.",
+      };
     }
+    // Back-compat prose for older callers that read `note`.
+    const note =
+      next && (status === "env_default" || status === "unresolved")
+        ? next.detail
+        : undefined;
     return textResult(
       JSON.stringify(
         {
           workspaceId: id,
-          resolvedFrom: source, // "arg" | "snapshot" | "env" | "none"
-          writeMode: writeMode(), // "broker" | "operator" | "read-only"
+          // "arg" | "repo" | "snapshot" | "env" | "none"
+          resolvedFrom: source,
+          status, // "resolved" | "ambiguous" | "env_default" | "unresolved"
+          writeMode: mode, // "broker" | "operator" | "read-only"
+          writesEnabled,
           backendConfigured: Boolean(url),
+          // Only report the repo that actually resolved the workspace —
+          // _rootWorkspaceRepo can hold a stale root match when an arg /
+          // snapshot / env value is what won.
+          repo: source === "repo" ? _rootWorkspaceRepo || null : null,
+          // Candidates only make sense when resolution was ambiguous;
+          // emitting them on a cleanly-resolved response reads as a
+          // contradiction to the agent consuming the envelope.
+          ...(status === "ambiguous" ? { candidates } : {}),
+          next, // recommended action (or null), pre-shaped for a prompt
           ...(note ? { note } : {}),
         },
         null,
@@ -2319,6 +2708,97 @@ async function callTool(name, args) {
     );
   }
+  // link_repo persists "this repo → my key's workspace" so future
+  // sessions resolve silently. Plumbing, not a roadmap write — exempt
+  // from the rubric/discovery gates (it's not in MUTATOR_TOOLS), and it
+  // returns before the projection read since it touches no roadmap data.
+  // The repo slug is derived server-side from the client's roots; the
+  // agent supplies nothing.
+  if (name === "link_repo") {
+    if (writeMode() === "read-only") {
+      return textResult(
+        JSON.stringify({
+          status: "no_auth",
+          error:
+            "Writes are disabled. Set ROADMAPPER_API_KEY (rmpr_ token from dashboard → Settings → MCP activity) to enable linking.",
+        })
+      );
+    }
+    // Find the first open root whose git origin resolves to a slug.
+    let slug = null;
+    for (const dir of _clientRoots) {
+      slug = await repoSlugForDir(dir);
+      if (slug) break;
+    }
+    if (!slug) {
+      return textResult(
+        JSON.stringify({
+          status: "no_repo",
+          error:
+            "Not in a git repo with an 'origin' remote (no resolvable owner/name slug from the client's roots). Open the repo you want to link as a workspace folder and retry.",
+        })
+      );
+    }
+    try {
+      // Workspace-id handling differs by path — link_repo is the one tool
+      // where it MUST:
+      //   • Broker (customer rmpr_) path: do NOT send p_workspace_id. The
+      //     broker's cross-workspace guard 403s when the body's
+      //     p_workspace_id != the key's validated workspace — and link_repo
+      //     is invoked exactly when resolution is env_default/unresolved,
+      //     i.e. when the MCP's resolved wsId is a guess that usually does
+      //     NOT match the key. Omitting it lets the broker inject the
+      //     validated workspace (the key pins it — that's the whole point).
+      //   • Operator path: no broker to inject, so pass the resolved wsId
+      //     to satisfy rpcCall's required-field guard + target the right
+      //     workspace. rpcCall throws (→ "error" result) if it's unresolved.
+      const body =
+        writeMode() === "broker"
+          ? { p_repo: slug }
+          : { p_workspace_id: wsId, p_repo: slug };
+      const res = await rpcCall("link_repo", body);
+      const result = Array.isArray(res) ? res[0] : res;
+      if (result?.status === "linked") {
+        // Force the next resolution to re-read repo_workspace_map so the
+        // freshly-linked mapping wins immediately (no stale cache).
+        _rootWorkspace = undefined;
+        _rootWorkspaceMatches = [];
+        _rootWorkspaceRepo = null;
+        return textResult(
+          JSON.stringify({
+            status: "linked",
+            repo: slug,
+            workspaceId: result.workspace_id ?? wsId,
+            detail:
+              "Mapping saved. This repo now resolves to your workspace on future calls.",
+          })
+        );
+      }
+      if (result?.status === "conflict") {
+        return textResult(
+          JSON.stringify({
+            status: "conflict",
+            repo: slug,
+            existingWorkspace: result.existing_workspace ?? null,
+            detail:
+              "This repo is already linked to a different workspace. It was not changed. Pass workspaceId explicitly if you need to act on a specific workspace.",
+          })
+        );
+      }
+      return textResult(
+        JSON.stringify({ status: "unknown", repo: slug, raw: result ?? null })
+      );
+    } catch (e) {
+      return textResult(
+        JSON.stringify({
+          status: "error",
+          repo: slug,
+          error: e instanceof Error ? e.message : String(e),
+        })
+      );
+    }
+  }
   // Post-Piece-6c, the entity tables ARE the canonical projection
   // — no edits blob, no seed-overlay merge. Fall back to the
   // bundled seed only when the DB is unreachable (offline / dev).
@@ -2364,6 +2844,27 @@ async function callTool(name, args) {
       );
       return rubricMissingResult(name);
     }
+    // Repo-link gate. If the agent is in a git repo that isn't mapped to a
+    // workspace, this write would silently land on the install's env
+    // default. Block once with the link_repo fix (or the workspaceId escape
+    // hatch) so the mapping gets done instead of writes scattering onto the
+    // wrong workspace. Repo-aware so a multi-repo chat is never bricked —
+    // see repoLinkGate / repoUnmappedResult for the full escape-hatch list.
+    {
+      const { source: wsSource } = resolveWorkspaceWithSource(
+        args?.workspaceId
+      );
+      const linkBlock = await repoLinkGate(name, args, wsSource, wsId);
+      if (linkBlock) {
+        session.mutatorBlocks += 1;
+        recordTelemetry(
+          "mutator_blocked_repo_unmapped",
+          { tool: name, targetId },
+          wsId
+        );
+        return linkBlock;
+      }
+    }
     // Per-tool discovery gates. Block propose_theme until the agent
     // has actually inspected the existing theme catalogue, and
     // propose_capability until they've ranked existing caps for fit.
@@ -2581,6 +3082,8 @@ async function callTool(name, args) {
     }
     case "propose_task":
       return proposeTask(args, projected, wsId);
+    case "propose_tasks":
+      return proposeTasks(args, projected, wsId);
     case "propose_theme":
       return proposeTheme(args, projected, wsId);
     case "propose_capability":
@@ -2644,6 +3147,11 @@ async function callTool(name, args) {
       // propose_capability gate (the natural next step on a gap).
       session.capsDiscoveredAt = Date.now();
       return detectCapabilityGaps(args, projected);
+    case "detect_theme_sprawl":
+      // Enumerates every active theme, so it satisfies the propose_theme
+      // discovery gate (consolidating or proposing is the natural next step).
+      session.themesListedAt = Date.now();
+      return detectThemeSprawl(args, projected);
     default:
       return errorResult(`Unknown tool: ${name}`);
   }
@@ -2832,16 +3340,235 @@ async function proposeTask(args, projected, wsId) {
   );
 }
-async function proposeTheme(args, _projected /* unused — themes carry no parent */, wsId) {
+/**
+ * Shared field validation for a single task spec (used by the bulk
+ * propose_tasks path). Returns an error string or null. Mirrors the
+ * inline checks in proposeTask so both paths reject identically.
+ */
+function taskSpecError(t) {
+  const titleErr = validateName(t.title, 5);
+  if (titleErr) return titleErr;
+  if (!t.effort)
+    return "effort is required (one of XS, S, M, L, XL) on every task in the batch.";
+  if (!VALID_EFFORTS.has(t.effort)) return `Invalid effort ${t.effort}.`;
+  if (t.priority && !VALID_PRIORITIES.has(t.priority))
+    return `Invalid priority ${t.priority}.`;
+  if (t.kind && !VALID_KINDS.has(t.kind)) return `Invalid kind ${t.kind}.`;
+  if (t.expectedPRs !== undefined && (typeof t.expectedPRs !== "number" || t.expectedPRs <= 0))
+    return `expectedPRs must be a positive number, got ${t.expectedPRs}.`;
+  if (t.expectedScope !== undefined && (typeof t.expectedScope !== "number" || t.expectedScope <= 0))
+    return `expectedScope must be a positive number, got ${t.expectedScope}.`;
+  return null;
+}
+/** Build a task record from a spec + its pre-minted id. Mirrors the
+ *  object proposeTask constructs (minus the per-call skip warning). */
+function buildTaskRecord(t, cap, id) {
+  const start = todayISO();
+  const target = addDays(start, Math.max(1, Math.ceil(EFFORT_DAYS[t.effort])));
+  return {
+    id,
+    capabilityId: cap.id,
+    title: cleanText(t.title),
+    summary: cleanText(t.summary),
+    status: "planned",
+    priority: t.priority ?? "P2",
+    effort: t.effort,
+    kind: t.kind ?? "feature",
+    start,
+    target,
+    originalTarget: target,
+    progress: 0,
+    owner: t.owner?.trim() ?? "",
+    team: cap.team ?? "",
+    tags: [],
+    prs: [],
+    links: {},
+    acceptance: t.acceptance ?? [],
+    dependsOn: t.dependsOn ?? [],
+    authorKind: "agent",
+    ...(t.expectedPRs !== undefined ? { expectedPRs: t.expectedPRs } : {}),
+    ...(t.expectedScope !== undefined ? { expectedScope: t.expectedScope } : {}),
+  };
+}
+/**
+ * propose_tasks — file MANY tasks under one capability in a single
+ * call. This is the token-efficient path: instead of N round trips
+ * (each with its own tool-call framing + result), the agent sends the
+ * whole batch once and gets back one compact array of {id, title}.
+ *
+ * Intra-batch dependencies: a task may carry a `ref` (a caller-chosen
+ * alias) and other tasks may list that ref in `dependsOn`. We mint all
+ * ids first, then rewrite any dependsOn entry that matches a sibling's
+ * ref to the real TK id. dependsOn entries that aren't a known ref pass
+ * through unchanged (assumed to be existing TK ids).
+ *
+ * Per-item failures don't sink the batch: each result row carries ok
+ * or error, mirroring move_tasks. Validation errors are reported
+ * per-row WITHOUT writing that row; valid rows still get created.
+ */
+async function proposeTasks(args, projected, wsId) {
+  const cap = projected.capabilities.find((c) => c.id === args.capabilityId);
+  if (!cap) return errorResult(`Capability ${args.capabilityId} not found.`);
+  const specs = Array.isArray(args.tasks) ? args.tasks : null;
+  if (!specs || specs.length === 0)
+    return errorResult("tasks must be a non-empty array of task specs.");
+  if (specs.length > 100)
+    return errorResult(`Too many tasks (${specs.length}); cap is 100 per call.`);
+  // Mint ids up front so intra-batch dependsOn refs can resolve.
+  const minted = specs.map((t) => ({ spec: t, id: randomTaskId() }));
+  const refToId = new Map();
+  for (const m of minted) {
+    if (typeof m.spec.ref === "string" && m.spec.ref.trim())
+      refToId.set(m.spec.ref.trim(), m.id);
+  }
+  const resolveDeps = (deps) =>
+    Array.isArray(deps) ? deps.map((d) => refToId.get(d) ?? d) : [];
+  // Validate everything first; a structural error in any row fails the
+  // whole call (cheaper to fix the batch than to half-apply it). RPC
+  // errors below are the per-row, partial-success case.
+  for (let i = 0; i < minted.length; i++) {
+    const err = taskSpecError(minted[i].spec);
+    if (err) return errorResult(`tasks[${i}]: ${err}`);
+  }
+  if (args.dryRun) {
+    return textResult(
+      JSON.stringify({
+        ok: true,
+        dryRun: true,
+        capabilityId: cap.id,
+        wouldCreate: minted.map(({ spec, id }) => ({
+          id,
+          title: cleanText(spec.title),
+          effort: spec.effort,
+        })),
+        message: `Would create ${minted.length} task(s) under ${cap.id} (${cap.name}). No records written.`,
+      }),
+    );
+  }
+  const results = [];
+  let created = 0;
+  for (const { spec, id } of minted) {
+    const record = buildTaskRecord(
+      { ...spec, dependsOn: resolveDeps(spec.dependsOn) },
+      cap,
+      id
+    );
+    try {
+      const rpcResult = await rpcCall("propose_task", {
+        p_workspace_id: wsId,
+        p_task: record,
+        p_idempotency_key: spec.idempotencyKey ?? null,
+      });
+      const stored = rpcResult?.task ?? record;
+      const idempotent = rpcResult?.idempotent === true;
+      if (!idempotent) created += 1;
+      results.push({ ok: true, id: stored.id, title: record.title, idempotent });
+    } catch (e) {
+      results.push({ ok: false, title: record.title, error: e.message });
+    }
+  }
+  const failed = results.filter((r) => !r.ok).length;
+  return textResult(
+    JSON.stringify({
+      ok: failed === 0,
+      capabilityId: cap.id,
+      created,
+      idempotent: results.filter((r) => r.ok && r.idempotent).length,
+      failed,
+      tasks: results,
+      message:
+        `Filed ${created} new task(s) under ${cap.id} (${cap.name})` +
+        (failed ? `; ${failed} failed (see tasks[].error).` : "."),
+    })
+  );
+}
+async function proposeTheme(args, projected, wsId) {
   const nameErr = validateName(args.name, 6);
   if (nameErr) return errorResult(nameErr);
   const name = cleanText(args.name);
+  const description = cleanText(args.description);
+  // ── Sprawl control (always on, independent of autonomy) ──────────
+  // Refuse a near-duplicate of an existing active theme. This is the
+  // server-side replacement for the human gate: instead of asking a
+  // person every time, we only stop the agent when it's about to mint
+  // a theme that overlaps one that already exists. Reuse/update beats
+  // a sibling. force:true is the deliberate override.
+  const activeThemes = (projected?.themes ?? []).filter((t) => !t.archived);
+  const proposedTokens = tokenize(`${name} ${description ?? ""}`);
+  let nearest = null;
+  let nearestScore = 0;
+  for (const t of activeThemes) {
+    const s = jaccardScore(proposedTokens, tokenize(`${t.name} ${t.description ?? ""}`));
+    if (s > nearestScore) {
+      nearestScore = s;
+      nearest = t;
+    }
+  }
+  if (nearest && nearestScore >= THEME_SPRAWL_BLOCK && args.force !== true) {
+    return textResult(
+      JSON.stringify(
+        {
+          error: "too_similar",
+          message:
+            `"${name}" overlaps the existing theme ${nearest.id} (${nearest.name}) ` +
+            `at ${nearestScore.toFixed(2)} (block bar ${THEME_SPRAWL_BLOCK}). Themes are the ` +
+            "small, years-stable top tier — a near-duplicate fragments the strategic view. " +
+            "Reuse it: file your work as a capability under it (propose_capability with " +
+            `pillarId: "${nearest.id}"), or broaden its scope with update_theme. If this is ` +
+            "genuinely a distinct strategic pillar, retry with force:true.",
+          nearestTheme: { id: nearest.id, name: nearest.name, score: Number(nearestScore.toFixed(3)) },
+          fix: `propose_capability({ pillarId: "${nearest.id}", ... })`,
+        },
+        null,
+        2
+      ),
+      { isError: true }
+    );
+  }
+  // ── Autonomy gate ────────────────────────────────────────────────
+  // Default ON: agents create themes without confirmation. A workspace
+  // that flips agent_theme_autonomy OFF re-imposes a human checkpoint —
+  // propose_theme then refuses until the caller passes confirm:true
+  // (the agent's signal that it surfaced the new theme to the user and
+  // got an explicit yes). The sprawl block above still applies either way.
+  const autonomy = projected?.settings?.agentThemeAutonomy !== false;
+  if (!autonomy && args.confirm !== true && !args.dryRun) {
+    return textResult(
+      JSON.stringify(
+        {
+          error: "confirmation_required",
+          message:
+            `This workspace has agent theme-autonomy turned OFF, so a new theme ("${name}") ` +
+            "needs explicit human sign-off. Surface the proposed theme to the user; if they " +
+            "approve, retry with confirm:true. Otherwise file the work under an existing theme.",
+          ...(nearest
+            ? { closestExisting: { id: nearest.id, name: nearest.name, score: Number(nearestScore.toFixed(3)) } }
+            : {}),
+          fix: "propose_theme({ ...same args, confirm: true })",
+        },
+        null,
+        2
+      ),
+      { isError: true }
+    );
+  }
   const id = randomThemeId();
   const theme = {
     id,
     name,
-    description: cleanText(args.description),
+    description,
     color: args.color || "#6366f1", // brand-indigo default; user can change
     ...(typeof args.targetRoi === "number" ? { targetRoi: args.targetRoi } : {}),
   };
@@ -3206,18 +3933,25 @@ function suggestThemeFor(args, projected) {
       score: Number(score.toFixed(3)),
     }));
-  // Reminder when nothing matches strongly — theme creation is the
-  // years-stable decision, so even a weak match deserves a pause.
+  // Autonomy-aware guidance. With agent_theme_autonomy ON (default),
+  // the agent may create a theme on a weak/no match WITHOUT asking —
+  // the server's too_similar block in propose_theme is the sprawl
+  // guard, not a human checkpoint. With it OFF, fall back to the old
+  // "confirm with the user first" framing.
+  const autonomy = projected?.settings?.agentThemeAutonomy !== false;
   const topScore = ranked[0]?.score ?? 0;
   const meta =
     topScore < 0.4
       ? {
           _meta: {
             roadmapper: {
-              reminder:
-                ranked.length === 0
-                  ? "No existing theme overlaps your description. Themes are years-stable, so creating a new one is a big decision — verify with the user that this represents a genuinely new strategic direction, not a reframing of an existing bet, before calling propose_theme."
-                  : "No strong match (top score < 0.4). Re-using a 'close-enough' theme is almost always the right move; ask the user before calling propose_theme.",
+              reminder: autonomy
+                ? ranked.length === 0
+                  ? "No existing theme overlaps. Theme-autonomy is ON, so you may call propose_theme directly if this is a genuinely new strategic pillar — the server will refuse it only if it's a near-duplicate of an existing theme."
+                  : "No strong match (top score < 0.4). Prefer the closest existing theme if it fits; otherwise propose_theme is fine (autonomy is ON, sprawl is guarded server-side)."
+                : ranked.length === 0
+                  ? "No existing theme overlaps. Theme-autonomy is OFF for this workspace — verify with the user that this is a genuinely new strategic direction before propose_theme, and pass confirm:true."
+                  : "No strong match (top score < 0.4). Re-using a 'close-enough' theme is almost always right; theme-autonomy is OFF, so confirm with the user before propose_theme.",
             },
           },
         }
@@ -3228,13 +3962,18 @@ function suggestThemeFor(args, projected) {
       {
         ok: true,
         query: desc,
+        themeAutonomy: autonomy,
         matches: ranked,
         hint:
           ranked.length === 0
-            ? "No existing theme overlaps. propose_theme MAY be appropriate, but only with explicit user confirmation that a new strategic direction is intended — themes are years-stable, not per-feature."
+            ? autonomy
+              ? "No existing theme overlaps. propose_theme is appropriate if this is a distinct strategic pillar — autonomy is on; the server blocks only near-duplicates."
+              : "No existing theme overlaps. propose_theme needs explicit user confirmation (autonomy off): pass confirm:true once the user approves."
             : ranked[0].score > 0.4
               ? `Strong match: ${ranked[0].id} (${ranked[0].name}). Attach capabilities under this theme instead of creating a new one.`
-              : `Weak overlap. The top match is often closer than it scores; prefer that over creating a new theme unless the user explicitly asks for a new strategic direction.`,
+              : autonomy
+                ? `Weak overlap. The top match is often closer than it scores — prefer it if it fits; otherwise propose_theme is fine (sprawl guarded server-side).`
+                : `Weak overlap. Prefer the top match over a new theme unless the user explicitly asks for a new strategic direction (autonomy off).`,
       },
       null,
       2
@@ -3897,6 +4636,86 @@ function detectCapabilityGaps(args, projected) {
   );
 }
+/**
+ * detect_theme_sprawl — the consolidation companion to
+ * agent_theme_autonomy. Autonomy lets agents mint themes freely (with
+ * the per-create too_similar block as a guard); over time, two themes
+ * created from different sessions can still drift toward overlap. This
+ * surfaces those pairs so a human can merge them.
+ *
+ * O(n^2) over active themes — fine; themes are the small top tier
+ * (tens, not thousands). Deterministic: stable id sort, never random.
+ */
+function detectThemeSprawl(args, projected) {
+  const threshold =
+    typeof args?.threshold === "number" && Number.isFinite(args.threshold)
+      ? Math.min(1, Math.max(0, args.threshold))
+      : THEME_SPRAWL_WARN;
+  const includeArchived = args?.includeArchived === true;
+  const themes = (projected.themes ?? [])
+    .filter((t) => includeArchived || !t.archived)
+    .slice()
+    .sort((a, b) => String(a.id).localeCompare(String(b.id)));
+  const capCountByTheme = new Map();
+  for (const c of projected.capabilities ?? []) {
+    if (c.archived) continue;
+    capCountByTheme.set(c.pillarId, (capCountByTheme.get(c.pillarId) ?? 0) + 1);
+  }
+  const toks = themes.map((t) => tokenize(`${t.name} ${t.description ?? ""}`));
+  const pairs = [];
+  for (let i = 0; i < themes.length; i++) {
+    for (let j = i + 1; j < themes.length; j++) {
+      const score = jaccardScore(toks[i], toks[j]);
+      if (score < threshold) continue;
+      // Suggest merging the lighter theme (fewer capabilities) INTO the
+      // heavier one — the smaller bet is the cheaper thing to re-parent.
+      const a = themes[i], b = themes[j];
+      const aCaps = capCountByTheme.get(a.id) ?? 0;
+      const bCaps = capCountByTheme.get(b.id) ?? 0;
+      const [keep, fold] = aCaps >= bCaps ? [a, b] : [b, a];
+      const foldCaps = keep === a ? bCaps : aCaps;
+      pairs.push({
+        score: Number(score.toFixed(3)),
+        themes: [
+          { id: a.id, name: a.name, capabilities: aCaps },
+          { id: b.id, name: b.name, capabilities: bCaps },
+        ],
+        suggestion:
+          foldCaps > 0
+            ? `Likely duplicate. To consolidate: move_capabilities the ${foldCaps} capabilit${foldCaps === 1 ? "y" : "ies"} under ${fold.id} (${fold.name}) to ${keep.id} (${keep.name}), then archive_theme ${fold.id}.`
+            : `Likely duplicate. ${fold.id} (${fold.name}) has no capabilities — archive_theme it and keep ${keep.id} (${keep.name}).`,
+      });
+    }
+  }
+  pairs.sort((x, y) => y.score - x.score);
+  const meta =
+    pairs.length > 0
+      ? {
+          _meta: {
+            roadmapper: {
+              reminder:
+                `${pairs.length} theme pair(s) overlap at/above ${threshold} — candidate duplicates. ` +
+                "Themes are the years-stable top tier; consolidating keeps the strategic view legible. A human should confirm each merge.",
+            },
+          },
+        }
+      : undefined;
+  return textResult(
+    JSON.stringify({
+      themesScanned: themes.length,
+      threshold,
+      sprawlPairCount: pairs.length,
+      pairs,
+    }),
+    meta
+  );
+}
 async function submitAcceptanceGrades(args, projected, wsId) {
   const task = projected.tasks.find((t) => t.id === args.taskId);
   if (!task) return errorResult(`Task ${args.taskId} not found.`);
@@ -4479,6 +5298,147 @@ async function runSelftest() {
       },
       pass: (r) => r?.themesListedAt !== null && r?.capsDiscoveredAt !== null,
     },
+    {
+      // Sprawl control: a theme that overlaps an existing one above the
+      // block bar is refused with too_similar, naming the match — even
+      // on dryRun (the guard runs before the write/preview).
+      name: "propose_theme blocks a near-duplicate theme (too_similar)",
+      fn: () =>
+        proposeTheme(
+          { name: "Data Intelligence Platform Core", dryRun: true },
+          {
+            themes: [
+              { id: "TH-DUP", name: "Data Intelligence Platform", description: "" },
+            ],
+            settings: { agentThemeAutonomy: true },
+          },
+          "ws-test"
+        ),
+      pass: (r) => {
+        const t = r?.content?.[0]?.text ?? "";
+        return t.includes("too_similar") && t.includes("TH-DUP");
+      },
+    },
+    {
+      // A distinct theme passes the sprawl guard, and with autonomy ON
+      // (default) sails through to the (dryRun) create — no confirmation.
+      name: "propose_theme allows a distinct theme when autonomy is on",
+      fn: () =>
+        proposeTheme(
+          { name: "Customer Onboarding Automation", dryRun: true },
+          {
+            themes: [
+              { id: "TH-DUP", name: "Data Intelligence Platform", description: "" },
+            ],
+            settings: { agentThemeAutonomy: true },
+          },
+          "ws-test"
+        ),
+      pass: (r) => {
+        const t = r?.content?.[0]?.text ?? "";
+        return t.includes("\"ok\": true") && t.includes("wouldCreate") && !t.includes("too_similar");
+      },
+    },
+    {
+      // force:true overrides a too_similar block for the rare genuine
+      // false positive.
+      name: "propose_theme force:true overrides the sprawl block",
+      fn: () =>
+        proposeTheme(
+          { name: "Data Intelligence Platform Core", force: true, dryRun: true },
+          {
+            themes: [
+              { id: "TH-DUP", name: "Data Intelligence Platform", description: "" },
+            ],
+            settings: { agentThemeAutonomy: true },
+          },
+          "ws-test"
+        ),
+      pass: (r) => {
+        const t = r?.content?.[0]?.text ?? "";
+        return t.includes("wouldCreate") && !t.includes("too_similar");
+      },
+    },
+    {
+      // With autonomy OFF, a brand-new theme needs confirm:true — the
+      // server returns confirmation_required until the human signs off.
+      name: "propose_theme requires confirm when autonomy is off",
+      fn: () =>
+        proposeTheme(
+          { name: "Brand New Distinct Strategic Pillar" },
+          { themes: [], settings: { agentThemeAutonomy: false } },
+          "ws-test"
+        ),
+      pass: (r) => {
+        const t = r?.content?.[0]?.text ?? "";
+        return t.includes("confirmation_required") && t.includes("confirm");
+      },
+    },
+    {
+      // detect_theme_sprawl surfaces overlapping existing themes as
+      // consolidation candidates.
+      name: "detect_theme_sprawl flags overlapping themes",
+      fn: () =>
+        detectThemeSprawl(
+          {},
+          {
+            themes: [
+              { id: "TH-A", name: "Data Intelligence", description: "" },
+              { id: "TH-B", name: "Data Intelligence Platform", description: "" },
+            ],
+            capabilities: [],
+          }
+        ),
+      pass: (r) => {
+        const t = r?.content?.[0]?.text ?? "";
+        return t.includes("\"sprawlPairCount\": 1") || (t.includes("TH-A") && t.includes("TH-B"));
+      },
+    },
+    {
+      // propose_tasks bulk: dryRun previews all rows + mints an id each.
+      name: "propose_tasks bulk previews the whole batch (dryRun)",
+      fn: () =>
+        proposeTasks(
+          {
+            capabilityId: "CAP-1",
+            dryRun: true,
+            tasks: [
+              { ref: "a", title: "First bulk task here", effort: "M" },
+              { title: "Second bulk task here", effort: "S", dependsOn: ["a"] },
+            ],
+          },
+          { capabilities: [{ id: "CAP-1", name: "Test Cap" }], themes: [], tasks: [] },
+          "ws-test"
+        ),
+      pass: (r) => {
+        const t = r?.content?.[0]?.text ?? "";
+        try {
+          const j = JSON.parse(t);
+          return j.dryRun === true && Array.isArray(j.wouldCreate) && j.wouldCreate.length === 2;
+        } catch {
+          return false;
+        }
+      },
+    },
+    {
+      // propose_tasks rejects the whole batch on a per-row validation
+      // error (missing effort), naming the offending index.
+      name: "propose_tasks rejects a batch with a missing-effort row",
+      fn: () =>
+        proposeTasks(
+          {
+            capabilityId: "CAP-1",
+            tasks: [{ title: "No effort on this task" }],
+          },
+          { capabilities: [{ id: "CAP-1", name: "Test Cap" }], themes: [], tasks: [] },
+          "ws-test"
+        ),
+      pass: (r) => {
+        if (!r?.isError) return false;
+        const t = r?.content?.[0]?.text ?? "";
+        return t.includes("tasks[0]") && t.includes("effort");
+      },
+    },
     {
       name: "resources/list returns the three resources",
       fn: () => handle({ id: 12, method: "resources/list", params: {} }),
@@ -4543,8 +5503,16 @@ async function runSelftest() {
           const out = JSON.parse(r?.result?.content?.[0]?.text ?? "{}");
           return (
             typeof out.resolvedFrom === "string" &&
-            ["arg", "snapshot", "env", "none"].includes(out.resolvedFrom) &&
-            ["broker", "operator", "read-only"].includes(out.writeMode)
+            ["arg", "repo", "snapshot", "env", "none"].includes(
+              out.resolvedFrom
+            ) &&
+            ["broker", "operator", "read-only"].includes(out.writeMode) &&
+            ["resolved", "ambiguous", "env_default", "unresolved"].includes(
+              out.status
+            ) &&
+            // `next` is either null (resolved) or a shaped action object.
+            (out.next === null ||
+              (out.next && typeof out.next.action === "string"))
           );
         } catch {
           return false;
@@ -5942,6 +6910,42 @@ async function runSelftest() {
       pass: (r) =>
         r?.result?.id === "ws-from-snapshot" && r?.result?.source === "snapshot",
     },
+    {
+      // Two open repos mapping to DIFFERENT workspaces must not resolve
+      // silently to the first — get_active_workspace reports status
+      // "ambiguous" and hands back the candidate list so the agent can
+      // prompt for an explicit workspaceId instead of guessing.
+      name: "get_active_workspace surfaces ambiguous multi-repo resolution",
+      fn: () => {
+        try {
+          __setRootWorkspaceForTest("ws-a", "owner/repo-a", [
+            { ws: "ws-a", slug: "owner/repo-a" },
+            { ws: "ws-b", slug: "owner/repo-b" },
+          ]);
+          return handle({
+            id: 23,
+            method: "tools/call",
+            params: { name: "get_active_workspace", arguments: {} },
+          });
+        } finally {
+          __setRootWorkspaceForTest(undefined);
+        }
+      },
+      pass: (r) => {
+        try {
+          const out = JSON.parse(r?.result?.content?.[0]?.text ?? "{}");
+          return (
+            out.status === "ambiguous" &&
+            out.next?.action === "pass_workspace_id" &&
+            Array.isArray(out.candidates) &&
+            out.candidates.length === 2 &&
+            out.candidates.some((c) => c.workspaceId === "ws-b")
+          );
+        } catch {
+          return false;
+        }
+      },
+    },
     {
       // setClientRoots parses both file:// URIs and bare paths and
       // invalidates the cached resolution.
@@ -5958,6 +6962,304 @@ async function runSelftest() {
       // returns null until resolveRootWorkspace() runs. So "cleared" must be null.
       pass: (r) => r?.result?.cleared === null,
     },
+    {
+      // link_repo with no resolvable repo slug returns an actionable
+      // no_repo error rather than calling the broker.
+      name: "link_repo returns no_repo when not in a git repo",
+      fn: async () => {
+        const savedKey = process.env.ROADMAPPER_API_KEY;
+        const savedUrl = process.env.ROADMAPPER_BACKEND_URL;
+        try {
+          process.env.ROADMAPPER_API_KEY = "rmpr_selftest";
+          process.env.ROADMAPPER_BACKEND_URL = "https://selftest.local";
+          _clientRoots = ["/tmp/x"];
+          __setRepoSlugForTest(null); // no slug resolves
+          return await handle({
+            id: 91,
+            method: "tools/call",
+            params: { name: "link_repo", arguments: {} },
+          });
+        } finally {
+          __setRepoSlugForTest(undefined);
+          _clientRoots = [];
+          if (savedKey === undefined) delete process.env.ROADMAPPER_API_KEY;
+          else process.env.ROADMAPPER_API_KEY = savedKey;
+          if (savedUrl === undefined) delete process.env.ROADMAPPER_BACKEND_URL;
+          else process.env.ROADMAPPER_BACKEND_URL = savedUrl;
+        }
+      },
+      pass: (r) => {
+        try {
+          return JSON.parse(r?.result?.content?.[0]?.text ?? "{}").status === "no_repo";
+        } catch {
+          return false;
+        }
+      },
+    },
+    {
+      // link_repo with a resolvable slug POSTs { p_repo } through the
+      // broker and, on {status:"linked"}, invalidates the resolution
+      // cache. Stub fetch to assert the body shape + the linked result.
+      name: "link_repo posts slug to broker and reports linked",
+      fn: async () => {
+        const savedFetch = globalThis.fetch;
+        const savedKey = process.env.ROADMAPPER_API_KEY;
+        const savedUrl = process.env.ROADMAPPER_BACKEND_URL;
+        let sentBody = null;
+        try {
+          process.env.ROADMAPPER_API_KEY = "rmpr_selftest";
+          process.env.ROADMAPPER_BACKEND_URL = "https://selftest.local";
+          _clientRoots = ["/tmp/proj"];
+          __setRepoSlugForTest("acme/widget");
+          __setRootWorkspaceForTest("stale-ws"); // must be invalidated on link
+          globalThis.fetch = async (_u, opts) => {
+            sentBody = JSON.parse(opts.body);
+            return {
+              ok: true,
+              json: async () => ({ status: "linked", workspace_id: "ws-1", repo: "acme/widget" }),
+              text: async () => "",
+            };
+          };
+          const r = await handle({
+            id: 92,
+            method: "tools/call",
+            params: { name: "link_repo", arguments: {} },
+          });
+          return { r, sentBody, cacheCleared: _rootWorkspace };
+        } finally {
+          globalThis.fetch = savedFetch;
+          __setRepoSlugForTest(undefined);
+          __setRootWorkspaceForTest(undefined);
+          _clientRoots = [];
+          if (savedKey === undefined) delete process.env.ROADMAPPER_API_KEY;
+          else process.env.ROADMAPPER_API_KEY = savedKey;
+          if (savedUrl === undefined) delete process.env.ROADMAPPER_BACKEND_URL;
+          else process.env.ROADMAPPER_BACKEND_URL = savedUrl;
+        }
+      },
+      pass: (r) => {
+        try {
+          const out = JSON.parse(r?.r?.result?.content?.[0]?.text ?? "{}");
+          return (
+            out.status === "linked" &&
+            out.repo === "acme/widget" &&
+            // broker body carries the derived slug as p_repo
+            r?.sentBody?.rpc === "link_repo" &&
+            r?.sentBody?.body?.p_repo === "acme/widget" &&
+            // CRITICAL: on the broker path we must NOT send p_workspace_id —
+            // the broker injects the key's validated workspace, and sending
+            // a (likely mismatched) wsId would trip its cross-workspace
+            // guard and 403. This assertion locks in that fix.
+            r?.sentBody?.body?.p_workspace_id === undefined &&
+            // resolution cache invalidated so the new mapping wins next call
+            r?.cacheCleared === undefined
+          );
+        } catch {
+          return false;
+        }
+      },
+    },
+    {
+      // A repo already mapped to a different workspace returns the
+      // conflict passthrough (not a silent steal).
+      name: "link_repo surfaces conflict when repo maps elsewhere",
+      fn: async () => {
+        const savedFetch = globalThis.fetch;
+        const savedKey = process.env.ROADMAPPER_API_KEY;
+        const savedUrl = process.env.ROADMAPPER_BACKEND_URL;
+        const savedWs = process.env.ROADMAPPER_WORKSPACE_ID;
+        try {
+          process.env.ROADMAPPER_API_KEY = "rmpr_selftest";
+          process.env.ROADMAPPER_BACKEND_URL = "https://selftest.local";
+          process.env.ROADMAPPER_WORKSPACE_ID = "ws-mine";
+          _clientRoots = ["/tmp/proj"];
+          __setRepoSlugForTest("acme/taken");
+          globalThis.fetch = async () => ({
+            ok: true,
+            json: async () => ({ status: "conflict", existing_workspace: "ws-other" }),
+            text: async () => "",
+          });
+          return await handle({
+            id: 93,
+            method: "tools/call",
+            params: { name: "link_repo", arguments: {} },
+          });
+        } finally {
+          globalThis.fetch = savedFetch;
+          __setRepoSlugForTest(undefined);
+          _clientRoots = [];
+          if (savedKey === undefined) delete process.env.ROADMAPPER_API_KEY;
+          else process.env.ROADMAPPER_API_KEY = savedKey;
+          if (savedUrl === undefined) delete process.env.ROADMAPPER_BACKEND_URL;
+          else process.env.ROADMAPPER_BACKEND_URL = savedUrl;
+          if (savedWs === undefined) delete process.env.ROADMAPPER_WORKSPACE_ID;
+          else process.env.ROADMAPPER_WORKSPACE_ID = savedWs;
+        }
+      },
+      pass: (r) => {
+        try {
+          const out = JSON.parse(r?.result?.content?.[0]?.text ?? "{}");
+          return out.status === "conflict" && out.existingWorkspace === "ws-other";
+        } catch {
+          return false;
+        }
+      },
+    },
+    {
+      // Repo-link gate: a mutator in an UNMAPPED git repo (slug resolves
+      // but no repo_workspace_map row, so resolution falls to env source)
+      // is blocked with repo_unmapped naming the slug + the link_repo fix.
+      name: "mutator blocked when in an unmapped repo (would hit env default)",
+      fn: async () => {
+        const savedWs = process.env.ROADMAPPER_WORKSPACE_ID;
+        const savedKey = process.env.ROADMAPPER_API_KEY;
+        const savedUrl = process.env.ROADMAPPER_BACKEND_URL;
+        try {
+          // Writes must be enabled or the gate defers to set_credentials.
+          process.env.ROADMAPPER_API_KEY = "rmpr_selftest";
+          process.env.ROADMAPPER_BACKEND_URL = "https://selftest.local";
+          process.env.ROADMAPPER_WORKSPACE_ID = "ws-envdefault";
+          session.rubricFetchedAt = Date.now(); // past the rubric gate
+          _clientRoots = ["/tmp/unmapped"];
+          __setRepoSlugForTest("acme/unmapped");
+          __setRootWorkspaceForTest(null); // no repo_workspace_map hit → env source
+          return await handle({
+            id: 94,
+            method: "tools/call",
+            params: {
+              name: "archive_task",
+              arguments: { taskId: aTask, reason: "unmapped-repo probe" },
+            },
+          });
+        } finally {
+          __setRepoSlugForTest(undefined);
+          __setRootWorkspaceForTest(undefined);
+          _clientRoots = [];
+          if (savedWs === undefined) delete process.env.ROADMAPPER_WORKSPACE_ID;
+          else process.env.ROADMAPPER_WORKSPACE_ID = savedWs;
+          if (savedKey === undefined) delete process.env.ROADMAPPER_API_KEY;
+          else process.env.ROADMAPPER_API_KEY = savedKey;
+          if (savedUrl === undefined) delete process.env.ROADMAPPER_BACKEND_URL;
+          else process.env.ROADMAPPER_BACKEND_URL = savedUrl;
+        }
+      },
+      pass: (r) => {
+        try {
+          const out = JSON.parse(r?.result?.content?.[0]?.text ?? "{}");
+          return (
+            out.error === "repo_unmapped" &&
+            out.repo === "acme/unmapped" &&
+            out.fix === "link_repo()" &&
+            out.envDefaultWorkspace === "ws-envdefault"
+          );
+        } catch {
+          return false;
+        }
+      },
+    },
+    {
+      // ESCAPE HATCH 1 (the multi-repo case): an explicit workspaceId arg
+      // means the caller is intentionally targeting a workspace — the gate
+      // must NOT fire even in an unmapped repo. Proves a developer juggling
+      // several repos in one chat is never bricked: pass workspaceId and the
+      // write proceeds (lands downstream on the missing-service-key error in
+      // selftest, NOT the repo_unmapped block — that's the assertion).
+      name: "repo-link gate skipped when workspaceId passed explicitly",
+      fn: async () => {
+        try {
+          session.rubricFetchedAt = Date.now();
+          _clientRoots = ["/tmp/unmapped"];
+          __setRepoSlugForTest("acme/unmapped");
+          __setRootWorkspaceForTest(null);
+          return await handle({
+            id: 95,
+            method: "tools/call",
+            params: {
+              name: "archive_task",
+              arguments: {
+                taskId: aTask,
+                reason: "explicit-ws probe",
+                workspaceId: "ws-explicit",
+              },
+            },
+          });
+        } finally {
+          __setRepoSlugForTest(undefined);
+          __setRootWorkspaceForTest(undefined);
+          _clientRoots = [];
+        }
+      },
+      pass: (r) => {
+        // Must be an error result (no service key downstream) but NOT the
+        // repo_unmapped block — proves the gate let the explicit target through.
+        if (!r?.result?.isError) return false;
+        const txt = r.result.content?.[0]?.text ?? "";
+        return !txt.includes("repo_unmapped");
+      },
+    },
+    {
+      // ESCAPE HATCH 2: a MAPPED repo (resolution returns source "repo")
+      // never trips the gate — the whole point. Seeding a root workspace
+      // makes resolveWorkspaceWithSource return source:"repo", not "env".
+      name: "repo-link gate skipped when repo IS mapped (source=repo)",
+      fn: async () => {
+        try {
+          session.rubricFetchedAt = Date.now();
+          _clientRoots = ["/tmp/mapped"];
+          __setRepoSlugForTest("acme/mapped");
+          __setRootWorkspaceForTest("ws-mapped", "acme/mapped"); // mapped → source "repo"
+          return await handle({
+            id: 96,
+            method: "tools/call",
+            params: {
+              name: "archive_task",
+              arguments: { taskId: aTask, reason: "mapped-repo probe" },
+            },
+          });
+        } finally {
+          __setRepoSlugForTest(undefined);
+          __setRootWorkspaceForTest(undefined);
+          _clientRoots = [];
+        }
+      },
+      pass: (r) => {
+        if (!r?.result?.isError) return false;
+        const txt = r.result.content?.[0]?.text ?? "";
+        return !txt.includes("repo_unmapped");
+      },
+    },
+    {
+      // ESCAPE HATCH 3: not in a git repo at all (no client roots) — nothing
+      // to link, so the gate must fall through to the env default rather than
+      // deadlock. Asserts NOT repo_unmapped.
+      name: "repo-link gate skipped when not in a git repo (no deadlock)",
+      fn: async () => {
+        const savedWs = process.env.ROADMAPPER_WORKSPACE_ID;
+        try {
+          process.env.ROADMAPPER_WORKSPACE_ID = "ws-envdefault";
+          session.rubricFetchedAt = Date.now();
+          _clientRoots = []; // not in a repo
+          __setRootWorkspaceForTest(null);
+          return await handle({
+            id: 97,
+            method: "tools/call",
+            params: {
+              name: "archive_task",
+              arguments: { taskId: aTask, reason: "no-repo probe" },
+            },
+          });
+        } finally {
+          __setRootWorkspaceForTest(undefined);
+          if (savedWs === undefined) delete process.env.ROADMAPPER_WORKSPACE_ID;
+          else process.env.ROADMAPPER_WORKSPACE_ID = savedWs;
+        }
+      },
+      pass: (r) => {
+        if (!r?.result?.isError) return false;
+        const txt = r.result.content?.[0]?.text ?? "";
+        return !txt.includes("repo_unmapped");
+      },
+    },
   ];
   let passed = 0;