@shahmilsaari/memory-core 1.0.25 → 1.0.26

package/dist/classifier-MZ65R7FK.js

@@ -0,0 +1,60 @@
+#!/usr/bin/env node
+
+// src/core/classifier.ts
+import { existsSync, readFileSync } from "fs";
+import { join } from "path";
+function globToRegex(pattern) {
+  const escaped = pattern.replace(/\./g, "\\.").replace(/\*\*\//g, "(?:.+/)?").replace(/\*\*/g, ".+").replace(/\*/g, "[^/]+");
+  return new RegExp(`^${escaped}`);
+}
+function matchesGlob(filepath, pattern) {
+  return globToRegex(pattern).test(filepath);
+}
+var FileClassifier = class _FileClassifier {
+  constructor(layers) {
+    this.layers = layers;
+  }
+  layers;
+  classifyFile(filepath) {
+    const normalized = filepath.replace(/\\/g, "/");
+    for (const layer of this.layers) {
+      if (layer.paths.some((p) => matchesGlob(normalized, p))) {
+        return { file: filepath, layer: layer.name, isNew: false, isModified: false };
+      }
+    }
+    return null;
+  }
+  classifyDiff(diff) {
+    const result = [];
+    for (const file of diff.added) {
+      const c = this.classifyFile(file);
+      if (c) result.push({ ...c, isNew: true });
+    }
+    for (const file of diff.modified) {
+      const c = this.classifyFile(file);
+      if (c) result.push({ ...c, isModified: true });
+    }
+    return result;
+  }
+  static loadFromConfig(configDir) {
+    const layersPath = join(configDir, "layers.json");
+    if (!existsSync(layersPath)) {
+      return new _FileClassifier(defaultLayers());
+    }
+    const config = JSON.parse(readFileSync(layersPath, "utf-8"));
+    return new _FileClassifier(config.layers);
+  }
+};
+function defaultLayers() {
+  return [
+    { name: "domain", paths: ["src/domain/**", "src/core/domain/**"], description: "Business logic, entities, use cases" },
+    { name: "application", paths: ["src/application/**", "src/core/application/**"], description: "Use cases and orchestration" },
+    { name: "infrastructure", paths: ["src/infrastructure/**"], description: "Database, external APIs, low-level I/O" },
+    { name: "api", paths: ["src/api/**", "src/interfaces/**", "src/controllers/**"], description: "HTTP handlers, request/response" },
+    { name: "shared", paths: ["src/shared/**", "src/utils/**", "src/helpers/**"], description: "Utilities, helpers, constants" }
+  ];
+}
+export {
+  FileClassifier,
+  defaultLayers
+};

package/dist/cli.js

@@ -7,13 +7,11 @@ import {
   checkCommitMsg,
   checkFile,
   checkStaged,
-  closePool,
   detectProject,
   findSchemaViolations,
   generate,
   getAllowPatterns,
   getDefaultApplicationContainer,
-  getPool,
   inferProjectArchitectures,
   installHook,
   listProfiles,
@@ -25,12 +23,18 @@ import {
   readMemoryFileFromUrl,
   recordBypass,
   retrieveMemorySelection,
-  runMigrations,
   seeds,
   toPortableMemory,
   uninstallHook,
   writeMemoryFile
-} from "./chunk-35ZWQFTO.js";
+} from "./chunk-3XTHE74V.js";
+import "./chunk-PQBWHAZN.js";
+import {
+  closePool,
+  getPool,
+  runMigrations
+} from "./chunk-M7NKSXFS.js";
+import "./chunk-ZZBQEXEO.js";
 
 // src/cli.ts
 import { Command } from "commander";
@@ -40,6 +44,7 @@ import ora from "ora";
 import { readFileSync, writeFileSync, existsSync, mkdirSync, appendFileSync, rmSync } from "fs";
 import { join, dirname, resolve } from "path";
 import { homedir } from "os";
+import { spawnSync as spawnSync2 } from "child_process";
 
 // src/remote-install.ts
 import { spawnSync } from "child_process";
@@ -134,10 +139,7 @@ var DEFAULT_EMBEDDING_MODEL = "nomic-embed-text";
 var DEFAULT_CHAT_MODEL = "llama3.2";
 var phase1 = getDefaultApplicationContainer();
 function getEnvPath() {
-  const memoryEnv = join(process.cwd(), ".memory-core.env");
-  if (existsSync(memoryEnv)) return memoryEnv;
-  const dotEnv = join(process.cwd(), ".env");
-  return existsSync(dotEnv) ? dotEnv : memoryEnv;
+  return join(process.cwd(), ".memory-core.env");
 }
 function getWriteEnvPath() {
   return join(process.cwd(), ".memory-core.env");
@@ -1052,6 +1054,34 @@ program.command("init").description("Initialize memory-core in the current proje
   );
   writeProjectConfig(config);
   spinner.succeed(`Generated ${written.written.length} files`);
+  try {
+    const archmindDir = join(process.cwd(), ".archmind");
+    mkdirSync(archmindDir, { recursive: true });
+    const layersPath = join(archmindDir, "layers.json");
+    const rulesPath = join(archmindDir, "rules.json");
+    const archmindGitignorePath = join(archmindDir, ".gitignore");
+    if (!existsSync(layersPath)) {
+      const arch2 = backendArchitecture ?? frontendFramework ?? "custom";
+      const layersTemplate = buildLayersTemplate(arch2);
+      writeFileSync(layersPath, JSON.stringify(layersTemplate, null, 2) + "\n", "utf-8");
+      console.log(chalk.green("  \u2713 Created .archmind/layers.json"));
+    }
+    if (!existsSync(rulesPath)) {
+      writeFileSync(rulesPath, JSON.stringify(DEFAULT_ARCH_RULES, null, 2) + "\n", "utf-8");
+      console.log(chalk.green("  \u2713 Created .archmind/rules.json"));
+    }
+    if (!existsSync(archmindGitignorePath)) {
+      writeFileSync(archmindGitignorePath, "approval-queue.json\nwatch-errors.json\n", "utf-8");
+    }
+  } catch {
+  }
+  try {
+    const graphSpinner = ora("  Building dependency graph snapshot\u2026").start();
+    const { snapshot } = await phase1.services.graphEngine.buildAndStoreSnapshot({ cwd: process.cwd() });
+    graphSpinner.succeed(`  Graph snapshot ready (${snapshot.nodes.length} nodes, ${snapshot.edges.length} edges)`);
+  } catch {
+    console.log(chalk.dim("  (graph build skipped \u2014 run `memory-core graph build` once manually)"));
+  }
   const gitignoreEntries = [...written.written, ...LOCAL_GENERATED_FILES];
   if (gitignoreEntries.length > 0) {
     const added = appendMissingGitignoreEntries(gitignoreEntries, GITIGNORE_HEADING);
@@ -1715,7 +1745,7 @@ program.command("dashboard").description("Start the live Svelte dashboard with W
     }
     return void 0;
   };
-  const { startDashboard } = await import("./dashboard-server-SSYZLQKB.js");
+  const { startDashboard } = await import("./dashboard-server-EEFNE6NX.js");
   await startDashboard({
     port: parseInt(opts.port, 10),
     path: resolveDashboardPath(),
@@ -2182,7 +2212,241 @@ hook.command("bypass-prompt").description("Prompt developer for a bypass reason
   }
   await closePool();
 });
-program.command("check").description("Check staged changes against architecture rules (used by pre-commit hook)").option("--staged", "Check git staged diff (default behaviour)").option("--ci", `Check CI diff using ${MEMORY_FILE}`).option("--all", "Check all tracked source files, including already-committed files").option("--path <dir>", "Directory to check for --all mode (default: current directory)").option("--file <path>", "Check a specific file retroactively against all rules").option("--commit-msg [file]", "Check commit message (defaults to .git/COMMIT_EDITMSG)").option("--verbose", "Show model and diff details").option("--debug", "Show prompt, diff, and raw model response").option("--fast", "Skip AI and memory retrieval; run deterministic checks only").option("--dry-run", "Show what would be flagged without blocking the commit").action(async (opts) => {
+program.command("check").description("Check staged changes against architecture rules (used by pre-commit hook)").option("--staged", "Check git staged diff (default behaviour)").option("--ci", `Check CI diff using ${MEMORY_FILE}`).option("--all", "Check all tracked source files, including already-committed files").option("--path <dir>", "Directory to check for --all mode (default: current directory)").option("--file <path>", "Check a specific file retroactively against all rules").option("--commit-msg [file]", "Check commit message (defaults to .git/COMMIT_EDITMSG)").option("--verbose", "Show model and diff details").option("--debug", "Show prompt, diff, and raw model response").option("--fast", "Skip AI and memory retrieval; run deterministic checks only").option("--dry-run", "Show what would be flagged without blocking the commit").option("--diff <ref>", "Check a git diff for architecture violations (evidence-based)").option("--second-opinion", "Run a second critique pass for uncertain decisions (use with --diff)").option("--json", "Output full JSON result (use with --diff)").action(async (opts) => {
+  if (opts.diff !== void 0) {
+    const { values: envValues } = readRuntimeEnv();
+    applyRuntimeEnv(envValues);
+    const startMs = Date.now();
+    const diffRef = opts.diff || "HEAD~1";
+    const diag = opts.json ? (msg) => process.stderr.write(msg + "\n") : (msg) => console.log(msg);
+    const diagSpinner = (text) => ora({ text, stream: opts.json ? process.stderr : process.stdout });
+    const { CheckRateLimiter } = await import("./rate-limiter-SLIPCXRF.js");
+    const release = await new CheckRateLimiter(process.cwd()).acquire();
+    process.on("exit", release);
+    const { FileClassifier } = await import("./classifier-MZ65R7FK.js");
+    const { ASTAnalyzer } = await import("./ast-analyzer-JM4CIOFY.js");
+    const { GraphBuilder } = await import("./graph-TFNTB5OK.js");
+    const { RuleMatcher } = await import("./rules-V3QMN3AR.js");
+    const { EvidencePacketBuilder } = await import("./evidence-HVMSONTT.js");
+    const { DeterministicValidator } = await import("./deterministic-validator-PP56B46I.js");
+    const { OllamaJudge } = await import("./ollama-judge-D2LFK5PB.js");
+    const { DeepSeekCritique } = await import("./deepseek-critique-MALVIYGF.js");
+    const { ConfidenceGate, defaultGateConfig } = await import("./confidence-gate-ZQDAOS6P.js");
+    const { CheckCache } = await import("./check-cache-6NWRTZJD.js");
+    const { CheckLogger } = await import("./check-logger-5HYSWA3S.js");
+    const configDir = getArchmindDir();
+    const classifier = FileClassifier.loadFromConfig(configDir);
+    const ruleMatcher = RuleMatcher.loadFromConfig(configDir);
+    const astAnalyzer = new ASTAnalyzer(process.cwd());
+    const graphBuilder = new GraphBuilder(astAnalyzer, classifier, process.cwd());
+    const logger = new CheckLogger(process.cwd());
+    let diffOutput = "";
+    try {
+      const result = spawnSync2("git", ["diff", "--name-status", diffRef], { encoding: "utf-8" });
+      if (result.status !== 0) throw new Error(result.stderr);
+      diffOutput = result.stdout;
+    } catch {
+      console.error("Could not run git diff against " + diffRef);
+      process.exit(1);
+    }
+    const added = [];
+    const modified = [];
+    const deleted = [];
+    for (const line of diffOutput.split("\n").filter(Boolean)) {
+      const [status, ...rest] = line.split("	");
+      const file = rest.join("	").trim();
+      if (!file) continue;
+      if (status.startsWith("A")) added.push(file);
+      else if (status.startsWith("D")) deleted.push(file);
+      else modified.push(file);
+    }
+    const allChanged = [...added, ...modified].filter((f) => /\.(ts|tsx|js|jsx|mjs|cjs)$/.test(f));
+    const graph2 = await graphBuilder.buildFromFiles(allChanged);
+    const builder = new EvidencePacketBuilder(process.cwd());
+    const packet = await builder.build({ added, modified, deleted }, astAnalyzer, classifier, ruleMatcher, graph2);
+    try {
+      const fullGraph = await phase1.services.graphEngine.latest(process.cwd());
+      if (fullGraph) {
+        const snapshotAge = fullGraph.createdAt ? Date.now() - new Date(fullGraph.createdAt).getTime() : null;
+        const STALE_MS = 24 * 60 * 60 * 1e3;
+        if (snapshotAge !== null && snapshotAge > STALE_MS) {
+          const hours = Math.round(snapshotAge / 36e5);
+          diag(chalk.yellow(`  \u26A0 Graph snapshot is ${hours}h old \u2014 run \`memory-core graph build\` to refresh`));
+        }
+        const changedSet = /* @__PURE__ */ new Set([...added, ...modified]);
+        for (const edge of fullGraph.edges) {
+          if (!changedSet.has(edge.from) || edge.to.startsWith("pkg:")) continue;
+          const fromClass = classifier.classifyFile(edge.from);
+          const toClass = classifier.classifyFile(edge.to);
+          if (!fromClass || !toClass) continue;
+          const violating = ruleMatcher.findViolatingRules(fromClass.layer, toClass.layer);
+          for (const rule of violating) {
+            const alreadyReported = packet.graphViolations.some(
+              (v) => v.from === edge.from && v.to === edge.to && v.ruleName === rule.name
+            );
+            if (!alreadyReported) {
+              packet.graphViolations.push({
+                from: edge.from,
+                fromLayer: fromClass.layer,
+                to: edge.to,
+                toLayer: toClass.layer,
+                ruleName: rule.name,
+                path: [edge.from, edge.to]
+              });
+            }
+          }
+        }
+      } else {
+        diag(chalk.yellow("  \u26A0 No graph snapshot \u2014 building now for full codebase enforcement\u2026"));
+        const autoSpinner = diagSpinner("  Building dependency graph\u2026").start();
+        try {
+          const buildResult = await Promise.race([
+            phase1.services.graphEngine.buildAndStoreSnapshot({ cwd: process.cwd() }),
+            new Promise((_, reject) => setTimeout(() => reject(new Error("graph build timeout")), 15e3))
+          ]);
+          autoSpinner.succeed(`  Graph snapshot ready (${buildResult.snapshot.nodes.length} nodes, ${buildResult.snapshot.edges.length} edges)`);
+          const freshGraph = await phase1.services.graphEngine.latest(process.cwd());
+          if (freshGraph) {
+            const changedSet2 = /* @__PURE__ */ new Set([...added, ...modified]);
+            for (const edge of freshGraph.edges) {
+              if (!changedSet2.has(edge.from) || edge.to.startsWith("pkg:")) continue;
+              const fromClass = classifier.classifyFile(edge.from);
+              const toClass = classifier.classifyFile(edge.to);
+              if (!fromClass || !toClass) continue;
+              const violating = ruleMatcher.findViolatingRules(fromClass.layer, toClass.layer);
+              for (const rule of violating) {
+                const alreadyReported = packet.graphViolations.some(
+                  (v) => v.from === edge.from && v.to === edge.to && v.ruleName === rule.name
+                );
+                if (!alreadyReported) {
+                  packet.graphViolations.push({
+                    from: edge.from,
+                    fromLayer: fromClass.layer,
+                    to: edge.to,
+                    toLayer: toClass.layer,
+                    ruleName: rule.name,
+                    path: [edge.from, edge.to]
+                  });
+                }
+              }
+            }
+          }
+        } catch (e) {
+          autoSpinner.stop();
+          const msg = e instanceof Error ? e.message : String(e);
+          diag(chalk.dim(`  (auto-build skipped: ${msg} \u2014 run \`memory-core graph build\` manually)`));
+        }
+      }
+    } catch {
+    }
+    const det = new DeterministicValidator();
+    if (det.validate(packet) === "block") {
+      const out = {
+        decision: "block",
+        source: "deterministic",
+        confidence: 1,
+        violations: packet.violations.map((v) => ({ rule: v.rule.name, from: v.fromFile, to: v.toFile })),
+        graphViolations: packet.graphViolations,
+        ...opts.json ? { evidence: packet } : {}
+      };
+      console.log(JSON.stringify(out, null, 2));
+      logger.append({ timestamp: (/* @__PURE__ */ new Date()).toISOString(), ref: diffRef, decision: "block", source: "deterministic", confidence: 1, violationCount: packet.violations.length, graphViolationCount: packet.graphViolations.length, changedFiles: allChanged.length, durationMs: Date.now() - startMs, fast: opts.fast });
+      process.exit(1);
+    }
+    if (opts.fast) {
+      const out = { decision: "allow", source: "deterministic", confidence: 1, violations: [], graphViolations: packet.graphViolations };
+      if (opts.json) {
+        console.log(JSON.stringify(out, null, 2));
+      } else {
+        diag(chalk.green("\n  Decision: ALLOW") + chalk.dim(" (source: deterministic+fast, confidence: 1.00)"));
+      }
+      logger.append({ timestamp: (/* @__PURE__ */ new Date()).toISOString(), ref: diffRef, decision: "allow", source: "deterministic", confidence: 1, violationCount: 0, graphViolationCount: packet.graphViolations.length, changedFiles: allChanged.length, durationMs: Date.now() - startMs, fast: true });
+      return;
+    }
+    let storedMemories = [];
+    try {
+      const { listMemories } = await import("./db-PRDHI2CN.js");
+      const allMemories = await listMemories({ limit: 1e4 });
+      const ranked = allMemories.filter((m) => ["rule", "pattern", "decision"].includes(m.type));
+      const changedLayers = packet.layersAffected;
+      const scored = ranked.map((m) => {
+        const text = m.content.toLowerCase();
+        const score = changedLayers.reduce((s, l) => s + (text.includes(l) ? 2 : 0), 0);
+        return { m, score };
+      });
+      scored.sort((a, b) => b.score - a.score);
+      storedMemories = scored.slice(0, 30).map(({ m }) => ({
+        type: m.type,
+        content: m.content,
+        reason: m.reason ?? void 0
+      }));
+    } catch {
+    }
+    const cache = new CheckCache(process.cwd());
+    const mHash = cache.memoriesHash(storedMemories);
+    const rHash = cache.rulesHash(configDir);
+    const cacheKey = cache.key(diffOutput, mHash, rHash);
+    const cached = !opts.secondOpinion && cache.get(cacheKey);
+    if (cached) {
+      diag(chalk.dim("  (cached result)"));
+      const output2 = {
+        decision: cached.decision,
+        source: cached.source + "+cache",
+        violations: cached.violations,
+        suggestedFix: cached.suggestedFix,
+        reasoning: cached.reasoning,
+        confidence: cached.confidence
+      };
+      if (opts.json) {
+        console.log(JSON.stringify(output2, null, 2));
+      } else {
+        const color = cached.decision === "block" ? chalk.red : cached.decision === "warn" ? chalk.yellow : chalk.green;
+        diag(color(`
+  Decision: ${cached.decision.toUpperCase()}`) + chalk.dim(` (source: ${cached.source}+cache, confidence: ${cached.confidence.toFixed(2)})`));
+      }
+      logger.append({ timestamp: (/* @__PURE__ */ new Date()).toISOString(), ref: diffRef, decision: cached.decision, source: cached.source + "+cache", confidence: cached.confidence, violationCount: cached.violations.length, graphViolationCount: packet.graphViolations.length, changedFiles: allChanged.length, durationMs: Date.now() - startMs, cached: true });
+      if (cached.decision === "block") process.exit(1);
+      return;
+    }
+    const chatModel = process.env.CHAT_MODEL ?? process.env.OLLAMA_CHAT_MODEL ?? "unknown";
+    const provider2 = process.env.CHAT_PROVIDER ?? "ollama";
+    const spinner = diagSpinner(`  Analyzing with ${provider2}/${chatModel}\u2026`).start();
+    const primaryDecision = await new OllamaJudge().judge(packet, storedMemories);
+    spinner.stop();
+    const critiqueEnabled = opts.secondOpinion ?? false;
+    const critiqueFn = critiqueEnabled ? async (p) => new DeepSeekCritique().critique(p, primaryDecision) : async () => ({ decision: primaryDecision.decision, confidence: primaryDecision.confidence, reasoning: "skipped", override: false });
+    const gateDecision = await new ConfidenceGate(defaultGateConfig(critiqueEnabled)).decide(packet, primaryDecision, critiqueFn);
+    cache.set(cacheKey, {
+      decision: gateDecision.final,
+      source: gateDecision.source,
+      confidence: primaryDecision.confidence,
+      violations: primaryDecision.violations,
+      reasoning: primaryDecision.reasoning,
+      suggestedFix: primaryDecision.suggestedFix
+    });
+    const output = {
+      decision: gateDecision.final,
+      source: gateDecision.source,
+      violations: primaryDecision.violations,
+      suggestedFix: primaryDecision.suggestedFix,
+      reasoning: primaryDecision.reasoning,
+      confidence: primaryDecision.confidence,
+      ...opts.json ? { judge: primaryDecision, critique: gateDecision.deepseek, selfReview: gateDecision.selfReview, evidence: packet } : {}
+    };
+    if (opts.json) {
+      console.log(JSON.stringify(output, null, 2));
+    } else {
+      const color = gateDecision.final === "block" ? chalk.red : gateDecision.final === "warn" ? chalk.yellow : chalk.green;
+      diag(color(`
+  Decision: ${gateDecision.final.toUpperCase()}`) + chalk.dim(` (source: ${gateDecision.source}, confidence: ${primaryDecision.confidence.toFixed(2)})`));
+      if (primaryDecision.violations.length > 0) diag(chalk.dim(`  Violations: ${primaryDecision.violations.join(", ")}`));
+      if (primaryDecision.suggestedFix) diag(chalk.dim(`  Fix: ${primaryDecision.suggestedFix}`));
+      diag("");
+    }
+    logger.append({ timestamp: (/* @__PURE__ */ new Date()).toISOString(), ref: diffRef, decision: gateDecision.final, source: gateDecision.source, confidence: primaryDecision.confidence, violationCount: primaryDecision.violations.length, graphViolationCount: packet.graphViolations.length, changedFiles: allChanged.length, durationMs: Date.now() - startMs });
+    if (gateDecision.final === "block") process.exit(1);
+    return;
+  }
   if (opts.file) {
     await checkFile(opts.file, { verbose: opts.verbose ?? false, debug: opts.debug ?? false, fast: opts.fast ?? false, dryRun: opts.dryRun ?? false });
     await closePool();
@@ -2289,4 +2553,134 @@ program.command("watch").description("Watch source files and check violations in
     debug: opts.debug
   });
 });
+var ARCHMIND_DIR = join(process.cwd(), ".archmind");
+var DEFAULT_ARCH_RULES = {
+  rules: [
+    { id: "domain-no-infra", name: "Domain must not import infrastructure", fromLayer: "domain", toLayer: "infrastructure", allowed: false, severity: "critical", enforcement: "block" },
+    { id: "domain-no-api", name: "Domain must not import API layer", fromLayer: "domain", toLayer: "api", allowed: false, severity: "critical", enforcement: "block" },
+    { id: "api-no-infra-direct", name: "API should not import infrastructure directly", fromLayer: "api", toLayer: "infrastructure", allowed: false, severity: "medium", enforcement: "warn" },
+    { id: "api-depends-on-domain", name: "API depends on domain", fromLayer: "api", toLayer: "domain", allowed: true, severity: "low", enforcement: "suggest" },
+    { id: "no-circular", name: "No circular dependencies", fromLayer: "*", toLayer: "*", allowed: false, severity: "critical", enforcement: "block" },
+    { id: "application-no-api", name: "Application must not import API layer", fromLayer: "application", toLayer: "api", allowed: false, severity: "critical", enforcement: "block" },
+    { id: "application-uses-domain", name: "Application depends on domain", fromLayer: "application", toLayer: "domain", allowed: true, severity: "low", enforcement: "suggest" },
+    { id: "shared-no-domain", name: "Shared must not import domain", fromLayer: "shared", toLayer: "domain", allowed: false, severity: "medium", enforcement: "warn" }
+  ]
+};
+function buildLayersTemplate(arch2) {
+  const mvc = ["nestjs", "mvc", "laravel", "go-api"].includes(arch2);
+  const frontend = ["react", "vue", "angular", "svelte", "nuxt", "react-native"].includes(arch2);
+  if (frontend) {
+    return {
+      layers: [
+        { name: "domain", paths: ["src/domain/**", "src/store/**", "src/state/**"], description: "State, models, business logic" },
+        { name: "application", paths: ["src/services/**", "src/hooks/**", "src/composables/**"], description: "App services and hooks" },
+        { name: "infrastructure", paths: ["src/api/**", "src/lib/**", "src/clients/**"], description: "External API clients, adapters" },
+        { name: "shared", paths: ["src/utils/**", "src/helpers/**", "src/constants/**"], description: "Shared utilities" }
+      ]
+    };
+  }
+  if (mvc) {
+    return {
+      layers: [
+        { name: "domain", paths: ["src/models/**", "src/entities/**"], description: "Data models and entities" },
+        { name: "application", paths: ["src/services/**"], description: "Business logic services" },
+        { name: "infrastructure", paths: ["src/repositories/**", "src/database/**", "src/infrastructure/**"], description: "DB, external APIs" },
+        { name: "api", paths: ["src/controllers/**", "src/routes/**", "src/handlers/**"], description: "HTTP handlers" },
+        { name: "shared", paths: ["src/utils/**", "src/helpers/**", "src/shared/**"], description: "Shared utilities" }
+      ]
+    };
+  }
+  return {
+    layers: [
+      { name: "domain", paths: ["src/domain/**", "src/core/domain/**", "src/modules/*/domain/**"], description: "Business logic, entities, use cases" },
+      { name: "application", paths: ["src/application/**", "src/core/application/**", "src/modules/*/application/**"], description: "Use cases and orchestration" },
+      { name: "infrastructure", paths: ["src/infrastructure/**", "src/modules/*/infrastructure/**"], description: "Database, external APIs, low-level I/O" },
+      { name: "api", paths: ["src/api/**", "src/interfaces/**", "src/controllers/**"], description: "HTTP handlers, request/response" },
+      { name: "shared", paths: ["src/shared/**", "src/utils/**", "src/helpers/**"], description: "Utilities, helpers, constants" }
+    ]
+  };
+}
+function getArchmindDir() {
+  return ARCHMIND_DIR;
+}
+var arch = program.command("arch").description("Architecture enforcement: check, review captured rules, watch for errors, log incidents");
+arch.command("review").description("Review and approve/reject auto-captured architecture rules").option("--approve-all", "Approve everything without prompting").option("--reject-all", "Reject everything without prompting").action(async (opts) => {
+  const { ApprovalQueue } = await import("./approval-queue-YBYRGBHP.js");
+  const { join: join2 } = await import("path");
+  const configDir = getArchmindDir();
+  const queue = new ApprovalQueue(configDir);
+  const pending = queue.pending();
+  if (pending.length === 0) {
+    console.log(chalk.dim("  No pending rules."));
+    return;
+  }
+  console.log(chalk.bold(`
+  Pending rules (${pending.length}):
+`));
+  if (opts.approveAll) {
+    for (const item of pending) queue.approve(item.id);
+    const count2 = queue.persistApproved(join2(configDir, "rules.json"));
+    console.log(chalk.green(`  \u2713 Approved and saved ${count2} rules`));
+    return;
+  }
+  if (opts.rejectAll) {
+    for (const item of pending) queue.reject(item.id);
+    console.log(chalk.yellow(`  \u2717 Rejected ${pending.length} rules`));
+    return;
+  }
+  for (const item of pending) {
+    console.log(chalk.cyan(`  [${item.source.toUpperCase()}]`) + ` ${item.rule.name}`);
+    console.log(chalk.dim(`    ${item.rule.description}`));
+    console.log(chalk.dim(`    captured: ${item.capturedAt}  confidence: ${item.confidence}`));
+    const { confirm: confirm2 } = await import("@inquirer/prompts");
+    const accept = await confirm2({ message: "  Keep this rule?" });
+    accept ? queue.approve(item.id) : queue.reject(item.id);
+    console.log(accept ? chalk.green("  \u2713 Kept") : chalk.yellow("  \u2717 Dropped"));
+    console.log();
+  }
+  const count = queue.persistApproved(join2(configDir, "rules.json"));
+  if (count > 0) console.log(chalk.green(`  \u2713 Saved ${count} rules to .archmind/rules.json`));
+});
+arch.command("watch").description("Watch your dev processes and auto-draft rules from errors").action(async () => {
+  const { WatchErrors, loadWatchConfig } = await import("./watch-errors-B3FA26N4.js");
+  const configDir = getArchmindDir();
+  const config = loadWatchConfig(configDir);
+  console.log(chalk.cyan("\n  Watching:"));
+  for (const cmd of config.commands) console.log(chalk.dim(`    \u2022 ${cmd}`));
+  console.log(chalk.dim("\n  Press Ctrl+C to stop.\n"));
+  const watcher = new WatchErrors(config, configDir);
+  watcher.start((rule) => {
+    console.log(chalk.yellow(`  [DRAFT] ${rule.name}`));
+    console.log(chalk.dim(`          ${rule.description.slice(0, 100)}`));
+    console.log(chalk.dim('          Run "memory-core arch review" to approve.\n'));
+  });
+  process.on("SIGINT", () => {
+    watcher.stop();
+    console.log(chalk.dim("\n  Stopped."));
+    process.exit(0);
+  });
+  await new Promise(() => {
+  });
+});
+arch.command("incident").description("Log a production incident and capture it as an architecture rule").action(async () => {
+  const { input: input2, confirm: confirm2 } = await import("@inquirer/prompts");
+  const { IncidentCaptureService } = await import("./incident-capture-RVPZULS7.js");
+  const { ApprovalQueue } = await import("./approval-queue-YBYRGBHP.js");
+  console.log(chalk.cyan("\n  Incident capture\n"));
+  const what = await input2({ message: "What broke?" });
+  const why = await input2({ message: "Root cause?" });
+  const where = await input2({ message: "Which file / layer / pattern?" });
+  const rule = new IncidentCaptureService().draftRule({ what, why, where, timestamp: (/* @__PURE__ */ new Date()).toISOString() });
+  console.log(chalk.dim(`
+  Rule: ${rule.name}`));
+  console.log(chalk.dim(`  Description: ${rule.description}
+`));
+  const save = await confirm2({ message: "Save to approval queue?" });
+  if (save) {
+    new ApprovalQueue(getArchmindDir()).add(rule, "incident", "high");
+    console.log(chalk.green('  \u2713 Saved. Run "memory-core arch review" to approve.\n'));
+  } else {
+    console.log(chalk.dim("  Discarded.\n"));
+  }
+});
 program.parseAsync(process.argv);

package/dist/confidence-gate-ZQDAOS6P.js

@@ -0,0 +1,64 @@
+#!/usr/bin/env node
+
+// src/models/self-review.ts
+var SelfReviewValidator = class {
+  validate(packet, decision) {
+    const issues = [];
+    const hasBlockViolations = packet.violations.some((v) => v.rule.enforcement === "block");
+    const hasGraphViolations = packet.graphViolations.length > 0;
+    if (decision === "allow" && hasBlockViolations) {
+      issues.push('Decision is "allow" but critical violations are present');
+    }
+    if (decision === "block" && !hasBlockViolations && !hasGraphViolations) {
+      issues.push("Block decision but no deterministic violations found \u2014 possible false positive");
+    }
+    if (decision === "allow" && hasGraphViolations) {
+      issues.push('Decision is "allow" but graph violations are present');
+    }
+    return {
+      valid: issues.length === 0,
+      reason: issues.length === 0 ? "Decision is supported by evidence" : `${issues.length} issue(s) found`,
+      issues
+    };
+  }
+};
+
+// src/models/confidence-gate.ts
+var ConfidenceGate = class {
+  constructor(config) {
+    this.config = config;
+  }
+  config;
+  selfReview = new SelfReviewValidator();
+  async decide(packet, ollama, deepseek) {
+    if (packet.violations.some((v) => v.rule.enforcement === "block")) {
+      return { final: "block", source: "deterministic", ollama, selfReview: { valid: true, reason: "AST violation", issues: [] } };
+    }
+    if (packet.graphViolations.length > 0) {
+      return { final: "block", source: "deterministic", ollama, selfReview: { valid: true, reason: "Graph violation", issues: [] } };
+    }
+    if (ollama.decision === "block" && ollama.confidence >= this.config.blockConfidenceThreshold) {
+      const sr = this.selfReview.validate(packet, "block");
+      if (sr.valid) {
+        return { final: "block", source: "ollama", ollama, selfReview: sr };
+      }
+      return { final: "warn", source: "self-review", ollama, selfReview: sr };
+    }
+    if (this.config.escalateToDeepSeek && (ollama.confidence < this.config.warnConfidenceThreshold || ollama.decision === "warn")) {
+      const ds = await deepseek(packet);
+      return { final: ds.decision, source: "deepseek", ollama, deepseek: ds };
+    }
+    return { final: ollama.decision === "block" ? "warn" : ollama.decision, source: "ollama", ollama };
+  }
+};
+function defaultGateConfig(useDeepSeek = false) {
+  return {
+    blockConfidenceThreshold: 0.75,
+    warnConfidenceThreshold: 0.6,
+    escalateToDeepSeek: useDeepSeek
+  };
+}
+export {
+  ConfidenceGate,
+  defaultGateConfig
+};