@shrkcrft/inspector 0.1.0-alpha.17 → 0.1.0-alpha.19

package/dist/agent-instructions.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"agent-instructions.d.ts","sourceRoot":"","sources":["../src/agent-instructions.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,kBAAkB,QAoBvB,CAAC"}
+{"version":3,"file":"agent-instructions.d.ts","sourceRoot":"","sources":["../src/agent-instructions.ts"],"names":[],"mappings":"AAAA,eAAO,MAAM,kBAAkB,QA+BvB,CAAC"}

package/dist/agent-instructions.js

@@ -9,6 +9,17 @@ Default behavior:
 - For generation, list_templates → get_template → create_generation_plan (dry-run by default).
 - Respect path conventions (list_path_conventions, get_path_convention).
 
+Understand existing code before you edit (prefer the graph over grep — it returns path:line truth):
+- Who calls / where is a symbol used? call get_graph_callers or code_find_usages (returns path:line).
+- What breaks if I change this file/symbol? call get_graph_impact.
+- What is the load-bearing code (change carefully / understand first)? call get_graph_hubs — most-referenced symbols + most-imported files.
+- Is code A actually wired to code B? call get_graph_path (shortest import/call/implements path between two files or symbols — the deterministic "is X wired to Y").
+- Is X wired / how does this file connect (incl. subtypes/supertypes)? call get_graph_context (get_graph_search to locate it first).
+- These read an index; if a graph tool reports it's missing or stale, run \`shrk graph index\` once.
+
+Save your tokens on MECHANICAL edits — delegate them to a local worker:
+- For a repetitive, deterministically-verifiable edit (add a barrel export, ensure an import, a glob-scoped rename) call delegate_task to get a compact brief + the exact \`shrk delegate run\` command, then run it. The local model produces the edit, the engine verifies it (and auto-reverts on failure), and you pay for the brief + result — not for reading the whole file and writing the edit yourself. \`shrk delegate list\` shows what's delegatable.
+
 Safety:
 - Never write files unless the user explicitly asks; always prefer dry-run first.
 - Never overwrite existing files unless the plan resolves all conflicts.

package/dist/ai-readiness.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ai-readiness.d.ts","sourceRoot":"","sources":["../src/ai-readiness.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAIvE;;;;;;;;;;;;;GAaG;AACH,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,UAAU,GAAG,eAAe,CAAC;AAEvE,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,kBAAkB;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,8FAA8F;IAC9F,MAAM,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,iEAAiE;IACjE,OAAO,EAAE,kBAAkB,CAAC;IAC5B,4EAA4E;IAC5E,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,MAAM,GAAG,SAAS,GAAG,MAAM,CAAC;AAEvE;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC,4DAA4D;IAC5D,mBAAmB,EAAE,OAAO,CAAC;IAC7B,qEAAqE;IACrE,kBAAkB,EAAE,OAAO,CAAC;IAC5B,sDAAsD;IACtD,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC/B,8DAA8D;IAC9D,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,cAAc,CAAC;IACtB,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAClC,8EAA8E;IAC9E,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,mEAAmE;IACnE,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,wEAAwE;IACxE,cAAc,EAAE,eAAe,CAAC;CACjC;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,qDAAqD;IACrD,KAAK,EAAE,MAAM,CAAC;IACd,8EAA8E;IAC9E,SAAS,EAAE,OAAO,CAAC;IACnB,oEAAoE;IACpE,SAAS,EAAE,OAAO,CAAC;IACnB,8EAA8E;IAC9E,UAAU,EAAE,OAAO,CAAC;IACpB,wHAAwH;IACxH,aAAa,EAAE,OAAO,CAAC;CACxB;AAyED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,qBAAqB,GAAG,gBAAgB,CA2U1F"}
+{"version":3,"file":"ai-readiness.d.ts","sourceRoot":"","sources":["../src/ai-readiness.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAYvE;;;;;;;;;;;;;GAaG;AACH,MAAM,MAAM,kBAAkB,GAAG,MAAM,GAAG,UAAU,GAAG,eAAe,CAAC;AAEvE,MAAM,WAAW,mBAAmB;IAClC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,kBAAkB;IAClB,KAAK,EAAE,MAAM,CAAC;IACd,8FAA8F;IAC9F,MAAM,EAAE,MAAM,CAAC;IACf,2CAA2C;IAC3C,IAAI,EAAE,MAAM,CAAC;IACb,iEAAiE;IACjE,OAAO,EAAE,kBAAkB,CAAC;IAC5B,4EAA4E;IAC5E,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB;AAED,MAAM,MAAM,cAAc,GAAG,WAAW,GAAG,MAAM,GAAG,SAAS,GAAG,MAAM,CAAC;AAEvE;;;;GAIG;AACH,MAAM,WAAW,kBAAkB;IACjC,4DAA4D;IAC5D,mBAAmB,EAAE,OAAO,CAAC;IAC7B,qEAAqE;IACrE,kBAAkB,EAAE,OAAO,CAAC;IAC5B,sDAAsD;IACtD,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;CAC7B;AAED,MAAM,WAAW,gBAAgB;IAC/B,8DAA8D;IAC9D,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,cAAc,CAAC;IACtB,UAAU,EAAE,mBAAmB,EAAE,CAAC;IAClC,8EAA8E;IAC9E,kBAAkB,EAAE,MAAM,EAAE,CAAC;IAC7B,mEAAmE;IACnE,QAAQ,EAAE,kBAAkB,CAAC;IAC7B,wEAAwE;IACxE,cAAc,EAAE,eAAe,CAAC;CACjC;AAED;;;GAGG;AACH,MAAM,WAAW,eAAe;IAC9B,qDAAqD;IACrD,KAAK,EAAE,MAAM,CAAC;IACd,8EAA8E;IAC9E,SAAS,EAAE,OAAO,CAAC;IACnB,oEAAoE;IACpE,SAAS,EAAE,OAAO,CAAC;IACnB,8EAA8E;IAC9E,UAAU,EAAE,OAAO,CAAC;IACpB,wHAAwH;IACxH,aAAa,EAAE,OAAO,CAAC;CACxB;AAyED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA8BG;AACH,wBAAgB,sBAAsB,CAAC,UAAU,EAAE,qBAAqB,GAAG,gBAAgB,CAwV1F"}

package/dist/ai-readiness.js

@@ -2,6 +2,13 @@ import { KnowledgeType, hasActionHints } from '@shrkcrft/knowledge';
 import { WorkspaceProfile } from '@shrkcrft/workspace';
 import { diagnoseActionHints } from "./action-hint-diagnostics.js";
 import { runDoctor } from "./sharkcraft-inspector.js";
+/**
+ * Entry types that describe a *location* or a *fact* rather than an action, so
+ * they are not expected to carry actionHints and are excluded from the
+ * action-hint coverage metric. Mirrors the skip set in
+ * `action-hint-diagnostics.ts` (keep the two in sync).
+ */
+const HINT_EXEMPT_TYPES = new Set(['path', 'overview', 'technical']);
 function gradeOf(score) {
     if (score >= 85)
         return 'excellent';
@@ -217,19 +224,27 @@ export function buildAiReadinessReport(inspection) {
     });
     // No recommendation when pipelines is advisory — the old "add a pipeline"
     // exhortation fired on libraries it shouldn't have.
-    // 7) Action-hint coverage — fraction of entries that carry hints.
-    const withHints = inspection.knowledgeEntries.filter((e) => hasActionHints(e)).length;
-    const hintsScore = k === 0 ? 0 : Math.min(10, Math.round((withHints / Math.max(k, 1)) * 20));
+    // 7) Action-hint coverage — fraction of HINT-ELIGIBLE entries that carry
+    // hints. Path / overview / technical entries describe a location or a fact
+    // rather than an action, so the action-hint quality doctor deliberately
+    // doesn't grade them (see action-hint-diagnostics). Counting them in the
+    // denominator penalised the score for structural non-gaps — an entry that
+    // *can't* meaningfully carry action hints isn't a missing one — so they are
+    // excluded from both numerator and denominator here too.
+    const hintEligible = inspection.knowledgeEntries.filter((e) => !HINT_EXEMPT_TYPES.has(String(e.type).toLowerCase()));
+    const eligibleCount = hintEligible.length;
+    const withHints = hintEligible.filter((e) => hasActionHints(e)).length;
+    const hintsScore = eligibleCount === 0 ? 0 : Math.min(10, Math.round((withHints / eligibleCount) * 20));
     dims.push({
         id: 'action-hints',
         title: 'Entries with action hints',
         weight: 1.2,
         score: hintsScore,
-        note: `${withHints} of ${k} entries carry actionHints`,
+        note: `${withHints} of ${eligibleCount} hint-eligible entries carry actionHints`,
         applies: 'core',
     });
     if (hintsScore < 7)
-        recs.push('Add actionHints to high-priority rules (commands, mcpTools, forbiddenActions).');
+        recs.push('Add actionHints to high-priority entries (commands, mcpTools, forbiddenActions, relatedKnowledge).');
     // 8) Verification commands
     const haveVerify = inspection.knowledgeEntries.some((e) => (e.actionHints?.verificationCommands?.length ?? 0) > 0);
     dims.push({

package/dist/changed-preflight.d.ts

@@ -54,6 +54,13 @@ export declare function planChangedPreflight(options: {
     readonly projectRoot: string;
     readonly changedFiles: ReadonlyArray<string>;
     readonly profile?: PreflightProfile;
+    /** Override the test gate command (defaults to `bun test`). Grounded in the
+     *  project's declared verification commands by the CLI caller. */
+    readonly testCommand?: string;
+    /** Override the typecheck gate command (defaults to the base-tsconfig run). */
+    readonly typecheckCommand?: string;
+    /** Extra path prefixes that count as engine source (e.g. config-declared). */
+    readonly sourceGlobs?: readonly string[];
 }): IChangedPreflightPlan;
 export declare function renderChangedPreflightText(plan: IChangedPreflightPlan): string;
 //# sourceMappingURL=changed-preflight.d.ts.map

package/dist/changed-preflight.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"changed-preflight.d.ts","sourceRoot":"","sources":["../src/changed-preflight.ts"],"names":[],"mappings":"AAeA,eAAO,MAAM,wBAAwB,oCAAoC,CAAC;AAE1E,oBAAY,gBAAgB;IAC1B,KAAK,UAAU;IACf,QAAQ,aAAa;IACrB,MAAM,WAAW;CAClB;AAED,oBAAY,eAAe;IACzB,GAAG,QAAQ;IACX,IAAI,SAAS;IACb,SAAS,cAAc;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,kFAAkF;IAClF,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,MAAM,EAAE,IAAI,GAAG,WAAW,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,MAAM,EAAE,OAAO,wBAAwB,CAAC;IACjD,QAAQ,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC7C,QAAQ,CAAC,eAAe,EAAE,2BAA2B,CAAC;IACtD,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,OAAO,EAAE,iBAAiB,CAAC;IACpC,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;IACjC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;CACnC;AA+CD;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC7C,QAAQ,CAAC,OAAO,CAAC,EAAE,gBAAgB,CAAC;CACrC,GAAG,qBAAqB,CA8QxB;AAED,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,qBAAqB,GAAG,MAAM,CAiB9E"}
+{"version":3,"file":"changed-preflight.d.ts","sourceRoot":"","sources":["../src/changed-preflight.ts"],"names":[],"mappings":"AAgBA,eAAO,MAAM,wBAAwB,oCAAoC,CAAC;AA6B1E,oBAAY,gBAAgB;IAC1B,KAAK,UAAU;IACf,QAAQ,aAAa;IACrB,MAAM,WAAW;CAClB;AAED,oBAAY,eAAe;IACzB,GAAG,QAAQ;IACX,IAAI,SAAS;IACb,SAAS,cAAc;CACxB;AAED,MAAM,WAAW,cAAc;IAC7B,QAAQ,CAAC,EAAE,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;IACvB,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,MAAM,EAAE,eAAe,CAAC;IACjC,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,kFAAkF;IAClF,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC;CAC3B;AAED,MAAM,WAAW,iBAAiB;IAChC,QAAQ,CAAC,MAAM,EAAE,IAAI,GAAG,WAAW,CAAC;IACpC,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;CAC1B;AAED,MAAM,WAAW,qBAAqB;IACpC,QAAQ,CAAC,MAAM,EAAE,OAAO,wBAAwB,CAAC;IACjD,QAAQ,CAAC,OAAO,EAAE,gBAAgB,CAAC;IACnC,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC7C,QAAQ,CAAC,eAAe,EAAE,2BAA2B,CAAC;IACtD,QAAQ,CAAC,KAAK,EAAE,aAAa,CAAC,cAAc,CAAC,CAAC;IAC9C,QAAQ,CAAC,OAAO,EAAE,iBAAiB,CAAC;IACpC,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;CAC9C;AAED,MAAM,WAAW,2BAA2B;IAC1C,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,WAAW,EAAE,OAAO,CAAC;IAC9B,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC;IACnC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;IACjC,QAAQ,CAAC,mBAAmB,EAAE,OAAO,CAAC;IACtC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,aAAa,EAAE,OAAO,CAAC;IAChC,QAAQ,CAAC,cAAc,EAAE,OAAO,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;CACnC;AA+DD;;;;;GAKG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE;IAC5C,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;IAC7B,QAAQ,CAAC,YAAY,EAAE,aAAa,CAAC,MAAM,CAAC,CAAC;IAC7C,QAAQ,CAAC,OAAO,CAAC,EAAE,gBAAgB,CAAC;IACpC;sEACkE;IAClE,QAAQ,CAAC,WAAW,CAAC,EAAE,MAAM,CAAC;IAC9B,+EAA+E;IAC/E,QAAQ,CAAC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IACnC,8EAA8E;IAC9E,QAAQ,CAAC,WAAW,CAAC,EAAE,SAAS,MAAM,EAAE,CAAC;CAC1C,GAAG,qBAAqB,CAmRxB;AAED,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,qBAAqB,GAAG,MAAM,CAiB9E"}

package/dist/changed-preflight.js

@@ -11,8 +11,37 @@
  * planner is intentionally conservative: a gate's `skip` decision is always
  * accompanied by a reason so the operator can see what was elided.
  */
+import { existsSync, readFileSync } from 'node:fs';
 import * as nodePath from 'node:path';
 export const CHANGED_PREFLIGHT_SCHEMA = 'sharkcraft.changed-preflight/v1';
+/**
+ * Cheap, best-effort probe: does this look like a generic JS/TS monorepo
+ * (nx / pnpm workspaces / package.json workspaces / apps+libs)? Used to widen
+ * the "engine source changed" detection beyond SharkCraft's own
+ * `packages/<package-name>/src/` layout. A couple of stat calls — no full inspect.
+ */
+function isMonorepoLike(projectRoot) {
+    try {
+        if (existsSync(nodePath.join(projectRoot, 'nx.json')))
+            return true;
+        if (existsSync(nodePath.join(projectRoot, 'pnpm-workspace.yaml')))
+            return true;
+        if (existsSync(nodePath.join(projectRoot, 'apps')) ||
+            existsSync(nodePath.join(projectRoot, 'libs'))) {
+            return true;
+        }
+        const pkgPath = nodePath.join(projectRoot, 'package.json');
+        if (existsSync(pkgPath)) {
+            const pkg = JSON.parse(readFileSync(pkgPath, 'utf8'));
+            if (pkg.workspaces)
+                return true;
+        }
+    }
+    catch {
+        // Best-effort: treat any read/parse failure as "not obviously a monorepo".
+    }
+    return false;
+}
 export var PreflightProfile;
 (function (PreflightProfile) {
     PreflightProfile["Quick"] = "quick";
@@ -25,10 +54,23 @@ export var PreflightAction;
     PreflightAction["Skip"] = "skip";
     PreflightAction["Recommend"] = "recommend";
 })(PreflightAction || (PreflightAction = {}));
-function classifyChangedFiles(files) {
+function classifyChangedFiles(files, opts = {}) {
     const norm = files.map((f) => f.replace(/\\/g, '/'));
     const match = (re) => norm.some((p) => re.test(p));
-    const anyEngineSource = match(/^packages\/[^/]+\/src\//);
+    let anyEngineSource = match(/^packages\/[^/]+\/src\//);
+    // Monorepo-aware: on an nx / workspaces / apps+libs repo, source also lives
+    // under apps/*/src, libs/*/src, or a project-root src/ — not only
+    // SharkCraft's own packages/*/src/. Without this, a large nx change is
+    // misclassified as "no engine src changed" and every src-sensitive gate is
+    // skipped. Only widen when a monorepo signal is present, so this repo's own
+    // classification is unchanged.
+    if (!anyEngineSource && opts.projectRoot && isMonorepoLike(opts.projectRoot)) {
+        anyEngineSource = match(/^(apps|libs|packages)\/[^/]+\/(src|lib)\//) || match(/^src\//);
+    }
+    // Caller-supplied source roots (e.g. derived from config) always count.
+    if (!anyEngineSource && opts.sourceGlobs?.length) {
+        anyEngineSource = norm.some((p) => opts.sourceGlobs.some((g) => p.startsWith(g)));
+    }
     const anyPackages = match(/^packages\//);
     const anyTests = match(/__tests__\/|\.test\.ts$|e2e\//);
     const anySharkcraftAssets = match(/^sharkcraft\//);
@@ -71,7 +113,12 @@ function classifyChangedFiles(files) {
  */
 export function planChangedPreflight(options) {
     const profile = options.profile ?? PreflightProfile.Standard;
-    const cls = classifyChangedFiles(options.changedFiles);
+    const cls = classifyChangedFiles(options.changedFiles, {
+        projectRoot: options.projectRoot,
+        ...(options.sourceGlobs ? { sourceGlobs: options.sourceGlobs } : {}),
+    });
+    const testCmd = options.testCommand ?? 'bun test';
+    const typecheckCmd = options.typecheckCommand ?? 'bun x tsc -p tsconfig.base.json --noEmit';
     const explanations = [];
     const gates = [];
     // 1) Boundary check — needed when engine src changed.
@@ -249,7 +296,7 @@ export function planChangedPreflight(options) {
         gates.push({
             id: 'tests',
             title: 'Bun test suite (focused subset where possible)',
-            command: 'bun test',
+            command: testCmd,
             action: PreflightAction.Run,
             reason: 'strict profile + engine src changed',
             canFail: false,
@@ -259,7 +306,7 @@ export function planChangedPreflight(options) {
         gates.push({
             id: 'tests',
             title: 'Bun test suite',
-            command: 'bun test',
+            command: testCmd,
             action: PreflightAction.Recommend,
             reason: 'engine src or tests changed; full suite not auto-run',
             canFail: true,
@@ -269,7 +316,7 @@ export function planChangedPreflight(options) {
         gates.push({
             id: 'tests',
             title: 'Bun test suite',
-            command: 'bun test',
+            command: testCmd,
             action: PreflightAction.Skip,
             reason: 'no engine src or test changes',
             canFail: true,
@@ -281,7 +328,7 @@ export function planChangedPreflight(options) {
             gates.push({
                 id: 'typecheck',
                 title: 'TypeScript --noEmit',
-                command: 'bun x tsc -p tsconfig.base.json --noEmit',
+                command: typecheckCmd,
                 action: PreflightAction.Recommend,
                 reason: 'engine src changed; not auto-run on quick profile',
                 canFail: true,
@@ -291,7 +338,7 @@ export function planChangedPreflight(options) {
             gates.push({
                 id: 'typecheck',
                 title: 'TypeScript --noEmit',
-                command: 'bun x tsc -p tsconfig.base.json --noEmit',
+                command: typecheckCmd,
                 action: PreflightAction.Run,
                 reason: 'engine src changed',
                 canFail: false,
@@ -302,7 +349,7 @@ export function planChangedPreflight(options) {
         gates.push({
             id: 'typecheck',
             title: 'TypeScript --noEmit',
-            command: 'bun x tsc -p tsconfig.base.json --noEmit',
+            command: typecheckCmd,
             action: PreflightAction.Skip,
             reason: 'no engine src changed',
             canFail: true,

package/dist/check-guardrail-globs.d.ts

@@ -0,0 +1,16 @@
+export interface IGuardrailGlobResult {
+    /** Target paths covered by at least one guardrail glob. */
+    allowed: readonly string[];
+    /** Target paths covered by NO guardrail glob — these must not be written. */
+    refused: readonly string[];
+    /** True when every target path is allowed. */
+    ok: boolean;
+}
+/**
+ * Partition `targetPaths` into allowed / refused against the recipe's
+ * `guardrailGlobs` (allow-list). An empty glob list refuses everything — a
+ * recipe with no blast-radius fence must not write (the config validator also
+ * rejects this, but the check is defensive here too).
+ */
+export declare function checkGuardrailGlobs(targetPaths: readonly string[], guardrailGlobs: readonly string[]): IGuardrailGlobResult;
+//# sourceMappingURL=check-guardrail-globs.d.ts.map

package/dist/check-guardrail-globs.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"check-guardrail-globs.d.ts","sourceRoot":"","sources":["../src/check-guardrail-globs.ts"],"names":[],"mappings":"AAmBA,MAAM,WAAW,oBAAoB;IACnC,2DAA2D;IAC3D,OAAO,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3B,6EAA6E;IAC7E,OAAO,EAAE,SAAS,MAAM,EAAE,CAAC;IAC3B,8CAA8C;IAC9C,EAAE,EAAE,OAAO,CAAC;CACb;AAED;;;;;GAKG;AACH,wBAAgB,mBAAmB,CACjC,WAAW,EAAE,SAAS,MAAM,EAAE,EAC9B,cAAc,EAAE,SAAS,MAAM,EAAE,GAChC,oBAAoB,CAWtB"}

package/dist/check-guardrail-globs.js

@@ -0,0 +1,38 @@
+/**
+ * Guardrail-glob enforcement for the delegate worker.
+ *
+ * A recipe declares an ALLOW-LIST of globs (`guardrailGlobs`). A worker-emitted
+ * target path that matches NONE of them is refused before any write — this is
+ * one of the deterministic fences the model cannot influence, layered ON TOP of
+ * the generator's `safeResolveTargetPath` floor.
+ *
+ * CRITICAL: the caller MUST pass the NORMALIZED relative path that will actually
+ * be written (the output of `safeResolveTargetPath`), not the raw string a
+ * worker emitted — otherwise a `../` traversal whose `**` the glob swallows
+ * would pass the fence yet write elsewhere in-root. Matching here is
+ * CASE-SENSITIVE (file paths are case-significant on the platforms that matter),
+ * so `src/**` does not also grant `SRC/…`.
+ *
+ * Pure: deterministic glob match; no I/O, no model.
+ */
+import { globToRegex, toPosix } from "./contract-file-rule.js";
+/**
+ * Partition `targetPaths` into allowed / refused against the recipe's
+ * `guardrailGlobs` (allow-list). An empty glob list refuses everything — a
+ * recipe with no blast-radius fence must not write (the config validator also
+ * rejects this, but the check is defensive here too).
+ */
+export function checkGuardrailGlobs(targetPaths, guardrailGlobs) {
+    const matchers = guardrailGlobs.map((g) => globToRegex(toPosix(g)));
+    const allowed = [];
+    const refused = [];
+    for (const path of targetPaths) {
+        const f = toPosix(path);
+        const covered = matchers.some((re) => re.test(f));
+        if (covered)
+            allowed.push(path);
+        else
+            refused.push(path);
+    }
+    return { allowed, refused, ok: refused.length === 0 };
+}

package/dist/code-intelligence-doctor.js

@@ -56,7 +56,7 @@ export function buildCodeIntelligenceChecks(projectRoot, options = {}) {
     checks.push(...graphChecks(projectRoot, nowMs, staleDays));
     checks.push(...ruleGraphChecks(projectRoot, nowMs, staleDays));
     checks.push(...apiSurfaceChecks(projectRoot, nowMs, staleDays));
-    checks.push(...qualityGateChecks(projectRoot, nowMs));
+    checks.push(...qualityGateChecks(projectRoot, nowMs, staleDays));
     checks.push(...migrationChecks(projectRoot));
     checks.push(...architectureChecks(projectRoot, nowMs, staleDays));
     checks.push(...impactRunChecks(projectRoot, nowMs, staleDays));
@@ -319,7 +319,7 @@ function apiSurfaceChecks(projectRoot, nowMs, staleDays) {
         },
     ];
 }
-function qualityGateChecks(projectRoot, nowMs) {
+function qualityGateChecks(projectRoot, nowMs, staleDays) {
     const reportPath = nodePath.join(projectRoot, '.sharkcraft', 'quality-gates', 'last.json');
     if (!existsSync(reportPath)) {
         return [];
@@ -338,6 +338,7 @@ function qualityGateChecks(projectRoot, nowMs) {
     }
     const days = ageDays(report.startedAt, nowMs);
     const ageStr = days !== undefined ? ` ${fmtAge(days)}` : '';
+    const stale = days !== undefined && days > staleDays;
     const status = report.overall ?? 'unknown';
     const failingGates = (report.gates ?? [])
         .filter((g) => g.status === 'fail')
@@ -354,15 +355,34 @@ function qualityGateChecks(projectRoot, nowMs) {
         ];
     }
     if (status === 'fail') {
+        const failMsg = failingGates.length > 0
+            ? `Last gate FAIL${ageStr} — ${failingGates.join(', ')}.`
+            : `Last gate FAIL${ageStr}.`;
+        // An old FAIL is stale maintenance, not a verified current regression:
+        // age it out into a folded advisory that nudges a re-run instead of a
+        // hard Warning that masks the (now-unknown) state of the tree. A fresh
+        // FAIL stays loud. Mirrors the stale handling in apiSurfaceChecks /
+        // architectureChecks so the whole code-intelligence section is consistent.
+        if (stale) {
+            return [
+                {
+                    id: 'code-intelligence-quality-gate',
+                    title: 'Quality gate (last run)',
+                    severity: DoctorSeverity.Info,
+                    advisory: true,
+                    category: CATEGORY,
+                    message: `${failMsg} Stale (>${staleDays}d) — may not reflect the current tree.`,
+                    fix: 'Re-run `shrk gate` to refresh.',
+                },
+            ];
+        }
         return [
             {
                 id: 'code-intelligence-quality-gate',
                 title: 'Quality gate (last run)',
                 severity: DoctorSeverity.Warning,
                 category: CATEGORY,
-                message: failingGates.length > 0
-                    ? `Last gate FAIL${ageStr} — ${failingGates.join(', ')}.`
-                    : `Last gate FAIL${ageStr}.`,
+                message: failMsg,
                 fix: 'Re-run with `shrk gate` and address the failing gate(s).',
                 whyThisMatters: 'The quality gate is the one-shot pass/fail the dashboard and CI agents trust — leaving it red hides real regressions.',
             },

package/dist/command-recommender.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"command-recommender.d.ts","sourceRoot":"","sources":["../src/command-recommender.ts"],"names":[],"mappings":"AASA,OAAO,EAEL,KAAK,kBAAkB,EACxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAEvE,eAAO,MAAM,0BAA0B,sCAAsC,CAAC;AAE9E,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,WAAW,GAAG,eAAe,GAAG,gBAAgB,GAAG,eAAe,GAAG,YAAY,CAAC;IAC/F,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,OAAO,0BAA0B,CAAC;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,SAAS,sBAAsB,EAAE,CAAC;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5B,iEAAiE;IACjE,WAAW,EAAE,kBAAkB,CAAC;CACjC;AAqED,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,qBAAqB,EACjC,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAO,GAClD,OAAO,CAAC,4BAA4B,CAAC,CAoFvC"}
+{"version":3,"file":"command-recommender.d.ts","sourceRoot":"","sources":["../src/command-recommender.ts"],"names":[],"mappings":"AASA,OAAO,EAEL,KAAK,kBAAkB,EACxB,MAAM,yBAAyB,CAAC;AACjC,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAEvE,eAAO,MAAM,0BAA0B,sCAAsC,CAAC;AAE9E,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,MAAM,CAAC;IAChB,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,WAAW,GAAG,eAAe,GAAG,gBAAgB,GAAG,eAAe,GAAG,YAAY,CAAC;IAC/F,QAAQ,CAAC,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,4BAA4B;IAC3C,MAAM,EAAE,OAAO,0BAA0B,CAAC;IAC1C,WAAW,EAAE,MAAM,CAAC;IACpB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,eAAe,EAAE,SAAS,sBAAsB,EAAE,CAAC;IACnD,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,SAAS,MAAM,EAAE,CAAC;IAC5B,iEAAiE;IACjE,WAAW,EAAE,kBAAkB,CAAC;CACjC;AAgFD,wBAAsB,iBAAiB,CACrC,UAAU,EAAE,qBAAqB,EACjC,KAAK,EAAE,MAAM,EACb,OAAO,GAAE;IAAE,SAAS,CAAC,EAAE,MAAM,CAAC;IAAC,IAAI,CAAC,EAAE,MAAM,CAAA;CAAO,GAClD,OAAO,CAAC,4BAA4B,CAAC,CAoFvC"}

package/dist/command-recommender.js

@@ -51,18 +51,30 @@ const RECIPES = [
         ],
     },
     {
-        match: /code[-\s]?intel|code intelligence|code graph|graph status|graph health|import cycle|unresolved import|blast radius|callers|dependents/i,
+        match: /code[-\s]?intel|code intelligence|code graph|graph status|graph health|import cycle|unresolved import|blast radius|callers|dependents|who calls|who uses|where is .*\bused|find usages|usages? of|is .*\bwired|wired (up|to)|wire[ds]? .*\bto\b|path (from|between)|reach(es|able)|connected to|who implements|implementations? of|subclass|subtype|load[-\s]?bearing|\bhubs?\b|most[-\s](depended|imported|referenced)|what.*change carefully|important.*\b(code|files?|symbols?)|what breaks if|what calls|call sites?|trace .*\b(symbol|function|usage)/i,
         recommendations: [
+            { command: 'shrk graph callers <symbol>', why: 'Who calls / references a symbol, as path:line — the grep replacement for "who calls X / where is X used".' },
+            { command: 'shrk graph path <from> <to>', why: 'Is code A actually wired to code B? Shortest import/call/implements path between two files or symbols — the deterministic answer to "is X wired to Y".' },
+            { command: 'shrk graph hubs', why: 'The most-depended-on symbols/files (biggest blast radius) — what to change carefully or understand first when onboarding.' },
+            { command: 'shrk graph context <file-or-symbol>', why: 'Inspect one file or symbol with imports, callers, subtypes/supertypes, bridge context, and framework hits — answers "is X wired".' },
+            { command: 'shrk graph impact <file-or-symbol> --full', why: 'What breaks if you change it: graph-backed dependents, caller files, rules, and likely tests.' },
             { command: 'shrk code-intel', why: 'One-shot health view across the code graph, bridge, and quality gates.' },
             { command: 'shrk graph status', why: 'Check whether the code graph is present, fresh, and internally consistent.' },
-            { command: 'shrk graph cycles', why: 'List import cycles that inflate blast-radius calculations.' },
             { command: 'shrk graph unresolved', why: 'Find unresolved imports that undercut graph accuracy.' },
-            { command: 'shrk graph context <file-or-symbol>', why: 'Inspect one file or symbol with imports, callers, bridge context, and framework hits.' },
-            { command: 'shrk graph impact <file-or-symbol> --full', why: 'Estimate blast radius with graph-backed dependents, caller files, rules, and likely tests.' },
+        ],
+    },
+    {
+        match: /delegate|mechanical (edit|task|change|refactor)|grunt (work|task)|boilerplate|repetitive edit|hand (this|it|off) (off |over )?to (a |the )?(local |worker|model)|add (a |an )?(barrel )?(export|import)\b|local (llm|model) (do|handle|make)/i,
+        recommendations: [
+            { command: 'shrk delegate list', why: 'See the MECHANICAL task recipes a local-LLM worker can handle (the engine verifies the result + auto-reverts on failure). Each is fenced to specific files + op kinds.' },
+            { command: 'shrk delegate run "<task>" --recipe <id> --apply', why: 'Hand a mechanical, deterministically-verifiable edit to the LOCAL worker — you pay for a compact brief + result instead of reading the whole file and writing the edit. The edit lands only if it passes the recipe verification.' },
+            { command: 'shrk delegate explain <id>', why: 'Audit a recipe before trusting it: the allowed ops, guardrail globs, and whether its verification is bound.' },
         ],
     },
 ];
 function safetyLevelFor(command) {
+    if (/^shrk delegate run/i.test(command))
+        return 'writes-source';
     if (/^shrk (gen|init|apply|import|presets apply --write|packs (sign|new))/i.test(command))
         return 'writes-source';
     if (/^shrk (onboard|brief|dev start|handoff|export|report site|impact|ci scaffold|simulate|orchestrate)/i.test(command))

package/dist/contract-file-rule.d.ts

@@ -19,6 +19,14 @@ export interface IContractFileRule {
     reason?: string;
     severity?: ContractFileRuleSeverity;
 }
+export declare function toPosix(p: string): string;
+/**
+ * Translate a deterministic POSIX-style glob to a regex anchored at both ends.
+ * Case-sensitive by itself — `matchContractFileRule` lowercases its inputs for
+ * the contract use-case, but security-sensitive callers (the delegate guardrail)
+ * use this directly to keep file-path case significant.
+ */
+export declare function globToRegex(pattern: string): RegExp;
 /** Pure matcher — returns true when `file` is covered by `rule`. */
 export declare function matchContractFileRule(rule: IContractFileRule, file: string): boolean;
 export interface IContractFileRuleMatch {

package/dist/contract-file-rule.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"contract-file-rule.d.ts","sourceRoot":"","sources":["../src/contract-file-rule.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,oBAAY,oBAAoB;IAC9B,IAAI,SAAS;IACb,UAAU,gBAAgB;IAC1B,KAAK,UAAU;IACf,QAAQ,aAAa;CACtB;AAED,oBAAY,wBAAwB;IAClC,KAAK,UAAU;IACf,OAAO,YAAY;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,oBAAoB,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,wBAAwB,CAAC;CACrC;AAyCD,oEAAoE;AACpE,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAapF;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,iBAAiB,CAAC;CACzB;AAED,sEAAsE;AACtE,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,SAAS,iBAAiB,EAAE,EACnC,KAAK,EAAE,SAAS,MAAM,EAAE,GACvB,SAAS,sBAAsB,EAAE,CAQnC;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,SAAS,MAAM,EAAE,GAC1B,SAAS,iBAAiB,EAAE,CAE9B;AAED,6DAA6D;AAC7D,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,CAQxE"}
+{"version":3,"file":"contract-file-rule.d.ts","sourceRoot":"","sources":["../src/contract-file-rule.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,oBAAY,oBAAoB;IAC9B,IAAI,SAAS;IACb,UAAU,gBAAgB;IAC1B,KAAK,UAAU;IACf,QAAQ,aAAa;CACtB;AAED,oBAAY,wBAAwB;IAClC,KAAK,UAAU;IACf,OAAO,YAAY;CACpB;AAED,MAAM,WAAW,iBAAiB;IAChC,OAAO,EAAE,MAAM,CAAC;IAChB,IAAI,EAAE,oBAAoB,CAAC;IAC3B,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,wBAAwB,CAAC;CACrC;AAED,wBAAgB,OAAO,CAAC,CAAC,EAAE,MAAM,GAAG,MAAM,CAEzC;AAMD;;;;;GAKG;AACH,wBAAgB,WAAW,CAAC,OAAO,EAAE,MAAM,GAAG,MAAM,CA4BnD;AAED,oEAAoE;AACpE,wBAAgB,qBAAqB,CAAC,IAAI,EAAE,iBAAiB,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAapF;AAED,MAAM,WAAW,sBAAsB;IACrC,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,iBAAiB,CAAC;CACzB;AAED,sEAAsE;AACtE,wBAAgB,sBAAsB,CACpC,KAAK,EAAE,SAAS,iBAAiB,EAAE,EACnC,KAAK,EAAE,SAAS,MAAM,EAAE,GACvB,SAAS,sBAAsB,EAAE,CAQnC;AAED;;;GAGG;AACH,wBAAgB,sBAAsB,CACpC,QAAQ,EAAE,SAAS,MAAM,EAAE,GAC1B,SAAS,iBAAiB,EAAE,CAE9B;AAED,6DAA6D;AAC7D,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,GAAG,iBAAiB,CAQxE"}

package/dist/contract-file-rule.js

@@ -15,14 +15,19 @@ export var ContractFileRuleSeverity;
     ContractFileRuleSeverity["Error"] = "error";
     ContractFileRuleSeverity["Warning"] = "warning";
 })(ContractFileRuleSeverity || (ContractFileRuleSeverity = {}));
-function toPosix(p) {
+export function toPosix(p) {
     return p.replace(/\\/g, '/').replace(/^\.\//, '');
 }
 function escapeRegex(s) {
     return s.replace(/[.+^$(){}|\\[\]]/g, '\\$&');
 }
-/** Translate a deterministic POSIX-style glob to a regex anchored at both ends. */
-function globToRegex(pattern) {
+/**
+ * Translate a deterministic POSIX-style glob to a regex anchored at both ends.
+ * Case-sensitive by itself — `matchContractFileRule` lowercases its inputs for
+ * the contract use-case, but security-sensitive callers (the delegate guardrail)
+ * use this directly to keep file-path case significant.
+ */
+export function globToRegex(pattern) {
     const p = toPosix(pattern);
     let re = '';
     let i = 0;

package/dist/coverage-report.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"coverage-report.d.ts","sourceRoot":"","sources":["../src/coverage-report.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAGvE,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,yBAAyB;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,sCAAsC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,6BAA6B;IAC7B,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAOD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,qBAAqB,GAAG,eAAe,CAiLtF"}
+{"version":3,"file":"coverage-report.d.ts","sourceRoot":"","sources":["../src/coverage-report.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,2BAA2B,CAAC;AAGvE,MAAM,WAAW,iBAAiB;IAChC,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,yBAAyB;IACzB,KAAK,EAAE,MAAM,CAAC;IACd,+CAA+C;IAC/C,OAAO,EAAE,MAAM,EAAE,CAAC;CACnB;AAED,MAAM,WAAW,eAAe;IAC9B,UAAU,EAAE,iBAAiB,EAAE,CAAC;IAChC,sCAAsC;IACtC,OAAO,EAAE,MAAM,CAAC;IAChB,6BAA6B;IAC7B,WAAW,EAAE,MAAM,EAAE,CAAC;CACvB;AAOD;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,UAAU,EAAE,qBAAqB,GAAG,eAAe,CA6LtF"}

package/dist/coverage-report.js

@@ -181,7 +181,20 @@ export function buildCoverageReport(inspection) {
             missing,
         });
     }
-    const overall = Math.round(categories.reduce((s, c) => s + c.score, 0) / Math.max(categories.length, 1));
+    // `overall` measures how well the USER has grounded THIS repo, so two kinds
+    // of category must not inflate it:
+    //   1. Empty categories (total === 0) — they vacuously score 100 (see `pct`),
+    //      so a repo that just hasn't configured boundaries/packs would read as
+    //      perfectly grounded and tell the agent to skip adding rules.
+    //   2. `preset-references` — it scores the BUILT-IN preset registry's
+    //      validity (≈72/72 always), not the user's configuration, so on an
+    //      otherwise-empty repo it alone would peg the overall at 100.
+    // Both stay as displayed categories; they're just out of the average.
+    // 0 when nothing user-authored is configured (honest: no coverage to report).
+    const scored = categories.filter((c) => c.total > 0 && c.id !== 'preset-references');
+    const overall = scored.length > 0
+        ? Math.round(scored.reduce((s, c) => s + c.score, 0) / scored.length)
+        : 0;
     if (overall < 60)
         suggestions.push('Pair every critical rule with action hints + verification commands.');
     if (overall < 80)

package/dist/delegate-catalog.d.ts

@@ -0,0 +1,45 @@
+/**
+ * Resolve the delegate-recipe catalog from a loaded config (read-only, NO model).
+ *
+ * Merges the delegation-level `provider`/`model` defaults into each recipe and
+ * checks every `verificationId` against the config's `verificationCommands[]`.
+ * A recipe is `delegatable` only when ALL its verification ids are bound — a
+ * recipe with an unbound (or empty) verification has no deterministic gate, so
+ * `shrk delegate explain` can show an author the fence is real before trusting
+ * it. Pack-contributed recipes (Phase 4) will merge in here too.
+ */
+import type { IDelegateRecipe, ISharkCraftConfig } from '@shrkcrft/config';
+export interface IResolvedDelegateRecipe extends IDelegateRecipe {
+    /** Provider after applying the delegation-level default (never undefined). */
+    resolvedProvider: 'auto' | 'ollama' | 'llamacpp';
+    /** Model after applying the delegation-level default (undefined = provider default). */
+    resolvedModel?: string;
+    /** verificationIds that do NOT resolve to a `verificationCommands[].id`. */
+    unboundVerificationIds: readonly string[];
+    /** True when every verificationId resolves AND at least one is declared. */
+    verificationBound: boolean;
+    /** True when the recipe is safe to delegate (verification fully bound). */
+    delegatable: boolean;
+    /** Where the recipe came from. */
+    source: 'config' | 'pack';
+    /** Contributing pack, when `source === 'pack'`. */
+    packageName?: string;
+}
+/** A pack-contributed recipe (shape from `loadDelegateRecipesFromPacks`). */
+export interface IPackRecipeInput {
+    recipe: IDelegateRecipe;
+    packageName: string;
+}
+/**
+ * Resolve the delegate catalog from config + pack-contributed recipes.
+ *
+ * Merge order: pack recipes first, then INLINE config recipes override a pack
+ * recipe of the same id. `recipeOverrides` (by id) then patch model /
+ * verificationIds / guardrailGlobs, or drop the recipe (`enabled: false`).
+ * Finally each recipe's `verificationIds` are checked against
+ * `verificationCommands[]` — `delegatable` only when all are bound.
+ */
+export declare function resolveDelegateCatalog(config: ISharkCraftConfig, packRecipes?: readonly IPackRecipeInput[]): readonly IResolvedDelegateRecipe[];
+/** Look up one resolved recipe by id (config recipes only; no pack loading). */
+export declare function findDelegateRecipe(config: ISharkCraftConfig, recipeId: string): IResolvedDelegateRecipe | undefined;
+//# sourceMappingURL=delegate-catalog.d.ts.map

package/dist/delegate-catalog.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegate-catalog.d.ts","sourceRoot":"","sources":["../src/delegate-catalog.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AACH,OAAO,KAAK,EAAE,eAAe,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAE3E,MAAM,WAAW,uBAAwB,SAAQ,eAAe;IAC9D,8EAA8E;IAC9E,gBAAgB,EAAE,MAAM,GAAG,QAAQ,GAAG,UAAU,CAAC;IACjD,wFAAwF;IACxF,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,4EAA4E;IAC5E,sBAAsB,EAAE,SAAS,MAAM,EAAE,CAAC;IAC1C,4EAA4E;IAC5E,iBAAiB,EAAE,OAAO,CAAC;IAC3B,2EAA2E;IAC3E,WAAW,EAAE,OAAO,CAAC;IACrB,kCAAkC;IAClC,MAAM,EAAE,QAAQ,GAAG,MAAM,CAAC;IAC1B,mDAAmD;IACnD,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,6EAA6E;AAC7E,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,eAAe,CAAC;IACxB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED;;;;;;;;GAQG;AACH,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,iBAAiB,EACzB,WAAW,GAAE,SAAS,gBAAgB,EAAO,GAC5C,SAAS,uBAAuB,EAAE,CAkCpC;AAED,gFAAgF;AAChF,wBAAgB,kBAAkB,CAChC,MAAM,EAAE,iBAAiB,EACzB,QAAQ,EAAE,MAAM,GACf,uBAAuB,GAAG,SAAS,CAErC"}

package/dist/delegate-catalog.js

@@ -0,0 +1,50 @@
+/**
+ * Resolve the delegate catalog from config + pack-contributed recipes.
+ *
+ * Merge order: pack recipes first, then INLINE config recipes override a pack
+ * recipe of the same id. `recipeOverrides` (by id) then patch model /
+ * verificationIds / guardrailGlobs, or drop the recipe (`enabled: false`).
+ * Finally each recipe's `verificationIds` are checked against
+ * `verificationCommands[]` — `delegatable` only when all are bound.
+ */
+export function resolveDelegateCatalog(config, packRecipes = []) {
+    const delegation = config.delegation;
+    if (!delegation)
+        return [];
+    const known = new Set((config.verificationCommands ?? []).map((v) => v.id));
+    const overrides = delegation.recipeOverrides ?? {};
+    const byId = new Map();
+    for (const pr of packRecipes)
+        byId.set(pr.recipe.id, { recipe: pr.recipe, source: 'pack', packageName: pr.packageName });
+    for (const recipe of delegation.recipes ?? [])
+        byId.set(recipe.id, { recipe, source: 'config' });
+    const out = [];
+    for (const { recipe, source, packageName } of byId.values()) {
+        const ov = overrides[recipe.id];
+        if (ov?.enabled === false)
+            continue; // dropped by override
+        const merged = {
+            ...recipe,
+            ...(ov?.model !== undefined ? { model: ov.model } : {}),
+            ...(ov?.verificationIds !== undefined ? { verificationIds: ov.verificationIds } : {}),
+            ...(ov?.guardrailGlobs !== undefined ? { guardrailGlobs: ov.guardrailGlobs } : {}),
+        };
+        const unbound = (merged.verificationIds ?? []).filter((id) => !known.has(id));
+        const verificationBound = unbound.length === 0 && (merged.verificationIds ?? []).length > 0;
+        out.push({
+            ...merged,
+            resolvedProvider: merged.provider ?? delegation.provider ?? 'auto',
+            ...(merged.model ?? delegation.model ? { resolvedModel: merged.model ?? delegation.model } : {}),
+            unboundVerificationIds: unbound,
+            verificationBound,
+            delegatable: verificationBound,
+            source,
+            ...(packageName ? { packageName } : {}),
+        });
+    }
+    return out;
+}
+/** Look up one resolved recipe by id (config recipes only; no pack loading). */
+export function findDelegateRecipe(config, recipeId) {
+    return resolveDelegateCatalog(config).find((r) => r.id === recipeId);
+}

package/dist/delegate-doctor.d.ts

@@ -0,0 +1,15 @@
+/**
+ * `shrk doctor` checks for delegate-worker recipe health.
+ *
+ * Surfaces recipes that are NOT delegatable — a recipe whose `verificationIds`
+ * don't all resolve to `verificationCommands[]` (incl. after `recipeOverrides`)
+ * has no deterministic gate, so `shrk delegate run` would refuse it. `runDoctor`
+ * has no other surface for this (it doesn't run `validateConfig`), so this is the
+ * proactive catch. Sync + config-only (pack-recipe health is `delegate explain`,
+ * which can load pack files async); silent when the repo hasn't opted into
+ * delegation.
+ */
+import type { ISharkCraftConfig } from '@shrkcrft/config';
+import { type IDoctorCheck } from './doctor-result.js';
+export declare function buildDelegateRecipeChecks(config: ISharkCraftConfig | null): IDoctorCheck[];
+//# sourceMappingURL=delegate-doctor.d.ts.map

package/dist/delegate-doctor.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"delegate-doctor.d.ts","sourceRoot":"","sources":["../src/delegate-doctor.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AACH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAC1D,OAAO,EAAkB,KAAK,YAAY,EAAE,MAAM,oBAAoB,CAAC;AAGvE,wBAAgB,yBAAyB,CAAC,MAAM,EAAE,iBAAiB,GAAG,IAAI,GAAG,YAAY,EAAE,CAiC1F"}