@rosh100yx/outlier 0.2.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Roshan Abraham
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,112 @@
+<div align="center">
+  <h1>outlier</h1>
+  <p><b>The Governance Framework for AI Engineering</b></p>
+  <p><i>Measure AI adoption. Enforce Zero-Trust. Protect Human Mastery.</i></p>
+</div>
+
+`outlier` is a local-first framework to measure real AI adoption and usage. It acts as a strict orchestration gate to cut token waste, block hallucinated code, and serve as an anti-deskilling engine for when you are building in a room full of agents—all without a single byte leaving your terminal.
+
+> *"In a room full of agents" shifts the perspective. It acknowledges that the developer is no longer a solo coder; they are a manager of bots. The product exists to make sure the human doesn't get lazy while managing them. We all want our time back, but we don't want to lose control of the craft.*
+
+```text
+┌   outlier 
+│
+◇  [outlier] 4/5 policies • ✓ safe surface • Local CI ───────╮
+│                                                            │
+│  [1] Capability Engine ▰▰▰▰▰▰▱▱▱▱  Active                  │
+│      status: ✓ Configured                                  │
+│  (=^･ω･^=) [2] AI Code Reliance ▰▰▰▰▰▰▰▰▱▱  85.0% Reliance │
+│      vibe: Did you write any of this, or are you just the manager now? (ФДФ)
+│      gate: (=ಠᆽಠ=) Deskilling Risk Detected ⚠ Security Audit Required
+│  [3] Tokenomics & Cost ▰▰▰▰▰▰▰▰▰▱ 96.5% Cache Bloat        │
+│      waste: ⚠ 96.5% of tokens are redundant context reads  │
+│  Governance: (=ಠᆽಠ=) 1 policy failures                     │
+│                                                            │
+├────────────────────────────────────────────────────────────╯
+```
+
+## How It Works
+┌───────────┐   ┌────────────┐   ┌───────────┐   ┌─────────────┐
+│ AI CODING │──▸│ GIT COMMIT │──▸│  BOUNCER  │──▸│ AUDIT TRACE │
+└───────────┘   └────────────┘   └───────────┘   └─────────────┘
+                                       │ (Fails)
+                                 ┌───────────┐
+                                 │ MENTORING │
+                                 └───────────┘
+**Step 1:** Developer delegates code generation to an AI agent (Claude Code, Cursor).  
+**Step 2:** Developer attempts to merge code into the main branch.  
+**Step 3:** The `outlier` Bouncer hook triggers. If AI reliance > 70%, the commit is physically blocked.  
+**Step 4:** A "Mentoring Emergency" is triggered, forcing the developer to solve an architectural challenge to prove mastery and prevent deskilling.  
+
+## What Outlier Adds
+`outlier` builds a coordination layer on top of native agent workflows.
+
+| Capability | Ungoverned AI | Outlier Governed |
+|------------|---------------|------------------|
+| **Deskilling** | Silent skill atrophy | JIT Mentoring Triggers on high-reliance |
+| **Commit Gate**| Accepts hallucinated code | Physically blocks code over AI-thresholds |
+| **Context** | Blind token spend | Detects "Cache Bloat" and context waste |
+| **Security** | Opaque MCP access | Maps and audits active skills/capabilities |
+
+## Commands
+| Command | Purpose |
+|---------|---------|
+| `outlier audit` | Run the standard telemetry dashboard (Cats + Vibes + Metrics) |
+| `outlier audit --strict` | Run the dashboard without the Cats/Vibes (Enterprise Dry Mode) |
+| `outlier policy` | Interactively select and install the Git Pre-Commit Hook (Bouncer) |
+| `outlier capabilities` | Audit your workspace for active MCP servers and Open Session Skills |
+
+## Quickstart: Your First Audit
+
+**Prerequisites:** You need Node/Bun installed and to be inside a Git repository.
+
+1. **Set the Trap (Install the Bouncer)**
+   ```bash
+   npx github:rosh100yx/outlier policy
+   ```
+   *Select the "Team (70% Max AI)" tier.*
+
+2. **Trigger the Bouncer**
+   Write a massive feature using 100% AI. Attempt to commit it:
+   ```bash
+   git commit -am "added massive ai feature"
+   ```
+   *Watch the Bouncer block your commit for deskilling risk.*
+
+3. **Measure the Damage**
+   ```bash
+   npx github:rosh100yx/outlier audit
+   ```
+   *See your exact AI Authorship ratio and Token Waste.*
+
+## Theoretical Foundations
+`outlier` is built on four core empirical literatures:
+- **Disempowerment:** Incremental AI substitution erodes human influence. `outlier` acts as a sovereignty shield against opaque AI platforms.
+- **Carbon at the Point of Delegation:** We meter carbon footprint directly at the developer's machine and weight it by local grid factors (e.g., Vietnam vs. France).
+- **Authorship:** We track AI reliance per-individual via Git parsing, rather than at the population level.
+- **Deskilling:** Delegating operators lose supervisory skills (Bainbridge, 1983). `outlier` specifically flags high AI-authorship as a "Deskilling Risk".
+
+## FAQ
+
+**Does this send my code or prompts to the cloud?**  
+No. `outlier` is a zero-trust, local-first engine. It parses `git log` and local JSONL token logs. Your code and token usage never leave your machine.
+
+**Do I need to be using a specific IDE?**  
+`outlier` is IDE-agnostic. It works by parsing standard `Co-Authored-By` Git trailers, meaning it supports Claude Code, Cursor, Aider, and manual generation.
+
+**Can I run this in CI/CD like GitHub Actions?**  
+Yes. Use the `--strict` flag (`npx github:rosh100yx/outlier audit --strict`) to return standard zero-exit-code parsing for headless CI environments.
+
+## Who is this for?
+
+If you hold one of these roles, `outlier` was built specifically for you. Please help us improve the framework by running an audit and sharing your terminal screenshot on X.com or your favorite developer community!
+
+- **Engineering Managers & CTOs:** Stop flying blind. Measure true AI adoption, enforce zero-trust security on your IP, and cut your API token bloat.
+- **Principal & Staff Engineers:** Protect the craft. Use the Bouncer hook to enforce architectural standards and prevent your team from deskilling.
+- **Developers & "Vibe Coders":** Prove your mastery. Run the audit, check your vibe, and post your "Artisan" or "Centaur" terminal status to the community.
+
+## Contributing
+We welcome contributions! See our [Contributing Guide](CONTRIBUTING.md) to get started. Great first issues include adding new regional grid factors to `data/grid-factors.json` or writing custom CI/CD pipeline integrations.
+
+## License
+Apache 2.0

package/bin/outlier.js

@@ -0,0 +1,2 @@
+#!/usr/bin/env bun
+import "../src/cli.ts";

package/data/grid-factors.json

@@ -0,0 +1,7 @@
+{
+  "vietnam": 681,
+  "france": 21.7,
+  "us_east": 380,
+  "singapore": 408,
+  "india_average": 715
+}

package/package.json

@@ -0,0 +1,41 @@
+{
+  "name": "@rosh100yx/outlier",
+  "version": "0.2.1",
+  "description": "AI Code Governance & Capability Auditing for the Terminal. Measures AI reliance, context waste, and enforces local CI/CD policies.",
+  "bin": {
+    "outlier": "./bin/outlier.js"
+  },
+  "files": [
+    "bin",
+    "src",
+    "data"
+  ],
+  "scripts": {
+    "build": "bun build ./src/cli.ts --compile --outfile bin/outlier",
+    "test": "bun test",
+    "start": "bun run src/cli.ts"
+  },
+  "type": "module",
+  "private": false,
+  "author": "Roshan Abraham",
+  "license": "MIT",
+  "keywords": [
+    "ai",
+    "governance",
+    "carbon",
+    "telemetry",
+    "authorship",
+    "cli"
+  ],
+  "devDependencies": {
+    "@types/bun": "latest"
+  },
+  "peerDependencies": {
+    "typescript": "^5"
+  },
+  "dependencies": {
+    "@clack/prompts": "^1.6.0",
+    "commander": "^15.0.0",
+    "picocolors": "^1.1.1"
+  }
+}

package/src/capabilities.ts

@@ -0,0 +1,76 @@
+import { homedir } from 'os';
+import { join } from 'path';
+import { existsSync, readdirSync } from 'fs';
+
+export interface CapabilitiesStats {
+  mcps: string[];
+  skills: string[];
+  hasOrchestration: boolean;
+}
+
+export async function getCapabilitiesStats(repoPath: string = process.cwd(), homeDirPath: string = homedir()): Promise<CapabilitiesStats> {
+  const stats: CapabilitiesStats = {
+    mcps: [],
+    skills: [],
+    hasOrchestration: false
+  };
+
+  // Check for AGENTS.md (Orchestration Policy)
+  if (existsSync(join(repoPath, 'AGENTS.md'))) {
+    stats.hasOrchestration = true;
+  }
+
+  // Scan local project skills
+  const projectSkillsPath = join(repoPath, '.agents', 'skills');
+  if (existsSync(projectSkillsPath)) {
+    try {
+      const skills = readdirSync(projectSkillsPath, { withFileTypes: true })
+        .filter(dirent => dirent.isDirectory())
+        .map(dirent => dirent.name);
+      stats.skills.push(...skills);
+    } catch (e) {}
+  }
+
+  // Scan global skills (Gemini / Claude)
+  const geminiSkillsPath = join(homeDirPath, '.gemini', 'skills');
+  if (existsSync(geminiSkillsPath)) {
+    try {
+      const skills = readdirSync(geminiSkillsPath, { withFileTypes: true })
+        .filter(dirent => dirent.isDirectory())
+        .map(dirent => dirent.name);
+      
+      // Only add if not already added (dedupe)
+      for (const skill of skills) {
+        if (!stats.skills.includes(skill)) stats.skills.push(skill);
+      }
+    } catch (e) {}
+  }
+
+  // Scan MCPs from gemini config
+  const geminiMcpPath = join(homeDirPath, '.gemini', 'antigravity-cli', 'mcp');
+  if (existsSync(geminiMcpPath)) {
+    try {
+      const mcps = readdirSync(geminiMcpPath, { withFileTypes: true })
+        .filter(dirent => dirent.isDirectory())
+        .map(dirent => dirent.name);
+      stats.mcps.push(...mcps);
+    } catch (e) {}
+  }
+
+  // Also check Claude settings for legacy MCPs/Plugins
+  const claudeSettingsPath = join(homeDirPath, '.claude', 'settings.json');
+  if (existsSync(claudeSettingsPath)) {
+    try {
+      const claudeSettings = require(claudeSettingsPath);
+      if (claudeSettings.enabledPlugins) {
+        Object.keys(claudeSettings.enabledPlugins).forEach(plugin => {
+          if (claudeSettings.enabledPlugins[plugin] && !stats.mcps.includes(plugin)) {
+            stats.mcps.push(`plugin:${plugin}`);
+          }
+        });
+      }
+    } catch (e) {}
+  }
+
+  return stats;
+}

package/src/carbon.ts

@@ -0,0 +1,80 @@
+import { file } from 'bun';
+import { homedir } from 'os';
+import { join } from 'path';
+import gridFactors from '../data/grid-factors.json';
+
+export interface CarbonStats {
+  totalTokens: number;
+  outputTokens: number;
+  cacheReadTokens: number;
+  energyKwh: number;
+  co2KgVietnam: number;
+  co2KgFrance: number;
+  sessions: number;
+}
+
+export interface TokenLogParser {
+  parse(): Promise<{ total: number, output: number, cache: number, sessions: number }>;
+}
+
+export class ClaudeLogParser implements TokenLogParser {
+  private baseDir: string;
+  constructor(baseDir = homedir()) {
+    this.baseDir = baseDir;
+  }
+  async parse() {
+    const logPath = join(this.baseDir, '.claude', 'tokenomics-log.jsonl');
+    const logFile = file(logPath);
+    if (!(await logFile.exists())) return { total: 0, output: 0, cache: 0, sessions: 0 };
+
+    const text = await logFile.text();
+    const lines = text.trim().split('\n').filter(l => l.length > 0);
+    
+    let total = 0, output = 0, cache = 0;
+    const sessions = new Set<string>();
+
+    for (const line of lines) {
+      try {
+        const data = JSON.parse(line);
+        total += data.total_tokens || 0;
+        output += data.output_tokens || 0;
+        cache += data.cache_read || 0;
+        if (data.session_id) sessions.add(data.session_id);
+      } catch (e) {}
+    }
+    return { total, output, cache, sessions: sessions.size };
+  }
+}
+
+class CursorLogParser implements TokenLogParser {
+  async parse() {
+    // Stub for future Cursor sqlite/json parsing
+    return { total: 0, output: 0, cache: 0, sessions: 0 };
+  }
+}
+
+export async function getCarbonStats(): Promise<CarbonStats> {
+  const parsers: TokenLogParser[] = [new ClaudeLogParser(), new CursorLogParser()];
+  
+  let totalTokens = 0, outputTokens = 0, cacheReadTokens = 0, sessions = 0;
+
+  for (const parser of parsers) {
+    const stats = await parser.parse();
+    totalTokens += stats.total;
+    outputTokens += stats.output;
+    cacheReadTokens += stats.cache;
+    sessions += stats.sessions;
+  }
+
+  const energyKwh = (outputTokens / 1_000_000) * 0.662;
+
+  return {
+    totalTokens,
+    outputTokens,
+    cacheReadTokens,
+    energyKwh,
+    co2KgVietnam: (energyKwh * gridFactors.vietnam) / 1000,
+    co2KgFrance: (energyKwh * gridFactors.france) / 1000,
+    sessions
+  };
+}

package/src/cli.ts

@@ -0,0 +1,276 @@
+#!/usr/bin/env bun
+import { intro, outro, select, spinner, isCancel, cancel, note } from '@clack/prompts';
+import pc from 'picocolors';
+import { getAuthorshipStats } from './git';
+import { getCarbonStats } from './carbon';
+import { getCapabilitiesStats } from './capabilities';
+import { writeFileSync, chmodSync, existsSync } from 'fs';
+import { join } from 'path';
+
+async function main() {
+  console.clear();
+  intro(pc.inverse(' outlier '));
+
+  let action = process.argv[2] as any;
+  if (!action || action === 'audit') {
+    if (action !== 'audit') {
+      action = await select({
+        message: 'Select outlier governance module:',
+        options: [
+          { value: 'status', label: 'Status Report', hint: 'Run full AI reliance and capability audit' },
+          { value: 'capabilities', label: 'Capabilities Map', hint: 'Audit active MCPs, skills, and orchestrations' },
+          { value: 'authorship', label: 'Code Durability', hint: 'Scan git history for AI Code Reliance & Hallucination Risk' },
+          { value: 'carbon', label: 'Cache Bloat', hint: 'Scan local logs for context waste & token costs' },
+          { value: 'policy', label: 'Policy Profiles', hint: 'Set Personal, Team, or Enterprise guardrails in CI' }
+        ],
+      });
+
+      if (isCancel(action)) {
+        cancel('Operation cancelled.');
+        process.exit(0);
+      }
+    } else {
+      action = 'status'; // Map the 'audit' alias directly to status for CI
+    }
+  }
+
+  const s = spinner();
+  
+  if (action === 'carbon') {
+    s.start('Scanning local agent session logs...');
+    try {
+      const carbon = await getCarbonStats();
+      s.stop('Audit complete');
+      
+      note(
+        `Sessions:       ${carbon.sessions}
+Output Tokens:  ${(carbon.outputTokens / 1_000_000).toFixed(2)}M
+Est. Energy:    ${carbon.energyKwh.toFixed(2)} kWh
+
+Grid Cost (Vietnam): ${pc.red(carbon.co2KgVietnam.toFixed(2) + ' kgCO2')}
+Grid Cost (France):  ${pc.green(carbon.co2KgFrance.toFixed(2) + ' kgCO2')}
+
+Ratio: ~31x carbon penalty on coal-heavy grid`,
+        'Session Carbon Breakdown'
+      );
+    } catch (e: any) {
+      s.stop('Audit failed');
+      console.error(pc.red(e.message));
+    }
+  } else if (action === 'authorship' || action === 'status') {
+    s.start('Scanning local git history and agent logs...');
+    
+    try {
+      const gitStats = await getAuthorshipStats().catch(() => null);
+      const carbon = await getCarbonStats().catch(() => null);
+      s.stop('Audit complete');
+      
+      if (action === 'authorship' && gitStats) {
+        const pct = (gitStats.ratio * 100).toFixed(1);
+        const nmPct = (gitStats.ratioNoMerges * 100).toFixed(1);
+        
+        let color = pc.green;
+        let warning = '';
+        if (gitStats.ratio > 0.7) {
+          color = pc.red;
+          warning = pc.red(' ⚠ high dependency');
+        } else if (gitStats.ratio > 0.4) {
+          color = pc.yellow;
+          warning = pc.yellow(' ⚠ moderate');
+        }
+
+        note(
+          `Total Commits:      ${gitStats.total}
+AI Co-Authored:     ${gitStats.ai}
+Authorship Ratio:   ${color(pct + '%')}${warning}
+
+Non-merge Commits:  ${gitStats.totalNoMerges}
+AI Co-Authored:     ${gitStats.aiNoMerges}
+Conservative Floor: ${color(nmPct + '%')}`,
+            'Git Authorship Breakdown'
+          );
+      } else if (action === 'status') {
+        const isStrict = process.argv.includes('--strict');
+        s.start('Running outlier telemetry audit...');
+        const carbon = await getCarbonStats().catch(() => null);
+        const gitStats = await getAuthorshipStats().catch(() => null);
+        const capabilities = await getCapabilitiesStats().catch(() => null);
+        s.stop('Audit complete');
+        
+        let authPct = '0%';
+        let ruleFailures = 0;
+        let authWarning = '';
+        let wittyRemark = isStrict ? '' : 'No git history (・_・ヾ';
+        let mentorString = '';
+        
+        if (gitStats) {
+          authPct = `${(gitStats.ratio * 100).toFixed(1)}%`;
+          
+          if (!isStrict) {
+            if (gitStats.ratio < 0.1) wittyRemark = 'Artisan, hand-crafted code. Very 2019 of you (=^ ◡ ^=)';
+            else if (gitStats.ratio < 0.6) wittyRemark = 'A true centaur. Half human, half matrix (=｀ω´=)';
+            else if (gitStats.ratio < 0.95) wittyRemark = 'Did you write any of this, or are you just the manager now? (ФДФ)';
+            else wittyRemark = 'You are officially a spectator in your own repository (=ಠᆽಠ=)';
+          }
+
+          if (gitStats.ratio > 0.7) {
+            authWarning = pc.red(isStrict ? `⚠ High Risk Surface: ${authPct} AI-generated. Human review required.` : `⚠ Mentoring Emergency: ${authPct} AI-generated. High risk of skill atrophy.`);
+            if (!isStrict) {
+              mentorString = `\n    mentor: ${pc.blue('💡 Architecture Challenge Pending (See Git Hook)')}`;
+            }
+            ruleFailures++;
+          }
+        }
+        
+        let cachePct = '0';
+        let co2Str = '0.0kg';
+        if (carbon) {
+          if (carbon.totalTokens > 0) {
+            cachePct = ((carbon.cacheReadTokens / carbon.totalTokens) * 100).toFixed(1);
+          }
+          co2Str = `${carbon.co2KgVietnam.toFixed(2)}kg CO2`;
+        }
+
+        const vibeRow = !isStrict ? `\n    vibe: ${pc.italic(wittyRemark)}` : '';
+        const capIcon = isStrict ? '' : '(Ф∇Ф) ';
+        const authIcon = isStrict ? '' : '(=^･ω･^=) ';
+        const costIcon = isStrict ? '' : '(O_O;) ';
+        const failIcon = isStrict ? '⚠' : '(=ಠᆽಠ=)';
+        const passIcon = isStrict ? '✓' : '(=^ ◡ ^=)';
+
+        note(
+          `${capIcon}${pc.dim('[1] Capability Engine')} ${pc.cyan('▰▰▰▰▰▰▱▱▱▱')}  ${pc.bold('Active')}
+    status: ${pc.green('✓ Configured')}
+${authIcon}${pc.dim('[2] AI Code Reliance')} ${pc.yellow('▰▰▰▰▰▰▰▰▱▱')}  ${pc.bold(`${authPct} Reliance`)}${vibeRow}
+    gate: ${gitStats && gitStats.ratio <= 0.7 ? pc.green('✓ Human Mastery Sustained') : `${pc.red(`${failIcon} Deskilling Risk Detected`)} ${pc.red('⚠ Security Audit Required')}`}${mentorString}
+${costIcon}${pc.dim('[3] Tokenomics & Cost')} ${pc.magenta('▰▰▰▰▰▰▰▰▰▱')} ${pc.bold(`${cachePct}% Cache Bloat`)}
+    waste: ${pc.yellow(`⚠ ${cachePct}% of tokens are redundant context reads`)}
+    carbon: ${pc.green(`✓ ${co2Str} (Grid-weighted estimate)`)}
+${pc.bold('Governance:')} ${ruleFailures > 0 ? pc.red(`${failIcon} ${ruleFailures + 1} policy failures`) : pc.green(`${passIcon} All clear`)}`,
+          `${pc.bold('[outlier]')} ${5 - (ruleFailures+1)}/5 policies • ${authWarning || pc.green(`${passIcon} safe surface`)} • ${co2Str}`
+        );
+      }
+    } catch (e: any) {
+      s.stop('Audit failed');
+      console.error(pc.red(e.message));
+    }
+
+  } else if (action === 'capabilities') {
+    s.start('Auditing AI surface area (MCPs, Skills, Orchestrators)...');
+    try {
+      const caps = await getCapabilitiesStats();
+      s.stop('Capabilities Scan Complete');
+
+      note(
+        `Orchestration Policy: ${caps.hasOrchestration ? pc.green('Detected (AGENTS.md)') : pc.yellow('None')}
+
+Active Skills (${caps.skills.length}):
+${caps.skills.length > 0 ? pc.cyan(caps.skills.map(s => `  • ${s}`).join('\n')) : '  None'}
+
+Active MCP Servers (${caps.mcps.length}):
+${caps.mcps.length > 0 ? pc.magenta(caps.mcps.map(m => `  • ${m}`).join('\n')) : '  None'}
+
+${pc.bold('Governance Assessment:')}
+This repository provides agents with ${caps.mcps.length} toolsets and ${caps.skills.length} skills. 
+${caps.skills.length > 5 ? pc.red('⚠ High Surface Area: Ensure strict authorship review is enabled.') : pc.green('✓ Low Surface Area: Risk contained.')}`,
+        'AI Capabilities Map'
+      );
+    } catch (e: any) {
+      s.stop('Audit failed');
+      console.error(pc.red(e.message));
+    }
+  } else if (action === 'policy') {
+    const tier = await select({
+      message: 'Select the governance tier to configure:',
+      options: [
+        { value: 'personal', label: 'Personal (Self-imposed)', hint: 'Set your own limits for skill retention' },
+        { value: 'team', label: 'Team Guardrails', hint: 'Engineering lead sets thresholds for human review' },
+        { value: 'enterprise', label: 'Enterprise Compliance', hint: 'Production thresholds (e.g., max 60% AI authorship)' },
+        { value: 'regulatory', label: 'Regulatory Audit', hint: 'Decree 142 human-oversight logging' }
+      ]
+    });
+
+    if (isCancel(tier)) {
+      cancel('Policy configuration cancelled.');
+      process.exit(0);
+    }
+
+    if (tier === 'personal' || tier === 'team' || tier === 'enterprise') {
+      const maxAuthorship = await select({
+        message: `Set the maximum allowed AI Authorship Share for ${tier} profile:`,
+        options: [
+          { value: '50', label: '50% (Strict Human-Majority)' },
+          { value: '70', label: '70% (Standard Hybrid)' },
+          { value: '85', label: '85% (High Velocity)' },
+          { value: '100', label: '100% (Unrestricted)' }
+        ]
+      });
+
+      if (isCancel(maxAuthorship)) {
+        cancel('Policy configuration cancelled.');
+        process.exit(0);
+      }
+
+      s.start(`Applying ${tier} policy guardrails...`);
+      
+      const gitDir = join(process.cwd(), '.git');
+      const isRepo = existsSync(gitDir);
+      if (!isRepo) {
+        log.error('Must be run inside a git repository');
+        return;
+      }
+
+      const isStrict = process.argv.includes('--strict');
+      const bouncerMsg = isStrict 
+        ? `echo "❌ outlier policy violation: AI authorship ($CURRENT_RATIO%) exceeds threshold ($MAX_RATIO%)"`
+        : `echo "😾 ✋ The Bouncer says no: Your code is $CURRENT_RATIO% AI-generated."\n    echo "A human must review this before it enters the club (main branch)."`;
+
+      const hookPath = join(gitDir, 'hooks', 'pre-commit');
+      const hookScript = `#!/bin/sh
+# outlier Pre-Commit Governance Hook
+
+# Calculate AI Authorship Ratio
+TOTAL=$(git log --oneline | wc -l | tr -d ' ')
+AI=$(git log -i --grep='Co-Authored-By' --oneline | wc -l | tr -d ' ')
+if [ "$TOTAL" -eq 0 ]; then exit 0; fi
+CURRENT_RATIO=$(awk "BEGIN {print ($AI / $TOTAL) * 100}")
+MAX_RATIO=${maxAuthorship}
+
+if [ "$(echo "$CURRENT_RATIO > $MAX_RATIO" | bc -l)" -eq 1 ]; then
+    ${bouncerMsg}
+    exit 1
+fi
+echo "✅ Governance Policy OK"
+`;
+        writeFileSync(hookPath, hookScript);
+        chmodSync(hookPath, '755');
+      }
+
+      await new Promise(resolve => setTimeout(resolve, 800));
+      s.stop('Policy Applied');
+
+      note(
+        `Tier:         ${pc.bold(tier.toString().toUpperCase())}
+Rule 1:       ${pc.green(`AI Authorship must not exceed ${maxAuthorship}%`)}
+Rule 2:       ${pc.green('Require human review on consecutive high-AI sprints')}
+Enforcement:  ${pc.cyan('Local pre-commit hook installed')}`,
+        'Active Governance Policy'
+      );
+    } else if (tier === 'regulatory') {
+      s.start('Generating Regulatory Compliance Audit (Decree 142)...');
+      await new Promise(resolve => setTimeout(resolve, 1200));
+      s.stop('Audit Generated');
+
+      note(
+        `Jurisdiction: ${pc.bold('Vietnam (Decree 142)')}
+Status:       ${pc.green('Compliant - Human oversight logged locally')}
+Privacy:      ${pc.green('Preserved - No citizen data exported')}
+Artifact:     ${pc.cyan('outlier-audit-report.jsonl generated')}`,
+        'Regulatory Compliance'
+      );
+    }
+
+  outro(pc.green('Local telemetry run completed. No data left your machine.'));
+}
+
+main().catch(console.error);

package/src/git.ts

@@ -0,0 +1,50 @@
+import { spawn } from 'bun';
+
+export interface AuthorshipStats {
+  total: number;
+  ai: number;
+  ratio: number;
+  totalNoMerges: number;
+  aiNoMerges: number;
+  ratioNoMerges: number;
+}
+
+async function runGitCommand(args: string[], cwd: string): Promise<number> {
+  const proc = spawn(['git', '-C', cwd, ...args], { stdout: 'pipe', stderr: 'pipe' });
+  const text = await new Response(proc.stdout).text();
+  const exitCode = await proc.exited;
+  
+  if (exitCode !== 0) {
+    throw new Error('Git command failed');
+  }
+  
+  const lines = text.trim().split('\n').filter(l => l.length > 0);
+  return lines.length;
+}
+
+export async function checkIsGitRepo(cwd: string): Promise<boolean> {
+  const proc = spawn(['git', '-C', cwd, 'rev-parse', '--is-inside-work-tree'], { stdout: 'pipe', stderr: 'pipe' });
+  const exitCode = await proc.exited;
+  return exitCode === 0;
+}
+
+export async function getAuthorshipStats(repoPath: string = process.cwd()): Promise<AuthorshipStats> {
+  const isRepo = await checkIsGitRepo(repoPath);
+  if (!isRepo) {
+    throw new Error(`Directory is not a git repository: ${repoPath}`);
+  }
+
+  const total = await runGitCommand(['log', '--oneline'], repoPath);
+  const ai = await runGitCommand(['log', '-i', '--grep=Co-Authored-By', '--oneline'], repoPath);
+  const totalNoMerges = await runGitCommand(['log', '--no-merges', '--oneline'], repoPath);
+  const aiNoMerges = await runGitCommand(['log', '--no-merges', '-i', '--grep=Co-Authored-By', '--oneline'], repoPath);
+
+  return {
+    total,
+    ai,
+    ratio: total === 0 ? 0 : ai / total,
+    totalNoMerges,
+    aiNoMerges,
+    ratioNoMerges: totalNoMerges === 0 ? 0 : aiNoMerges / totalNoMerges
+  };
+}