@webpresso/agent-kit 0.26.2 → 0.27.0

package/.claude-plugin/marketplace.json

@@ -6,7 +6,7 @@
   },
   "metadata": {
     "description": "Webpresso agent-kit Claude Code plugin: blueprints, skills, hooks, MCP server",
-    "version": "0.26.2"
+    "version": "0.27.0"
   },
   "plugins": [
     {
@@ -23,5 +23,5 @@
       ]
     }
   ],
-  "version": "0.26.2"
+  "version": "0.27.0"
 }

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "webpresso",
-  "version": "0.26.2",
+  "version": "0.27.0",
   "description": "Webpresso agent-kit: blueprints, skills, lore commit protocol, tech-debt lifecycle",
   "skills": "./skills",
   "commands": "./commands",

package/catalog/AGENTS.md.tpl

@@ -36,9 +36,9 @@ vp install && vp run setup:agent  # setup:agent runs wp setup, which scaffolds .
 agent-kit's catalog is the single source of truth for generated agent surfaces.
 Agent-kit owns the generated agent surfaces in this file; the Webpresso CLI host owns the end-user command surface.
 To customize skills, commands, or workflows, edit them in agent-kit's catalog
-and publish — not in individual repos. The default `omx` preset chains
-`omx setup --yes --scope user` and installs missing OMX through
-`vp install -g oh-my-codex`. The default `omc` preset ensures OMC through
+and publish — not in individual repos. The default `omx` preset refreshes
+Vite+ through `vp upgrade`, chains `omx setup --yes --scope user`, and installs
+missing OMX through `vp install -g oh-my-codex`. The default `omc` preset ensures OMC through
 Claude Code's plugin marketplace in user scope when `claude` is on `PATH`.
 `wp setup` also repairs the managed `.gitignore` block for regenerated agent
 surfaces so repo-local `.codex/`,

package/dist/esm/audit/no-first-party-mjs.d.ts

@@ -0,0 +1,5 @@
+import type { RepoAuditResult } from './repo-guardrails.js';
+export declare function isIgnoredNoFirstPartyMjsPath(relativePath: string): boolean;
+export declare function findTrackedFirstPartyMjsPaths(trackedPaths: readonly string[]): string[];
+export declare function auditNoFirstPartyMjs(rootDirectory?: string): RepoAuditResult;
+//# sourceMappingURL=no-first-party-mjs.d.ts.map

package/dist/esm/audit/no-first-party-mjs.js

@@ -0,0 +1,83 @@
+import { execFileSync } from 'node:child_process';
+import { existsSync } from 'node:fs';
+import { join, resolve } from 'node:path';
+const IGNORED_PATH_PREFIXES = [
+    'node_modules',
+    'dist',
+    'build',
+    'coverage',
+    '.wrangler',
+    '.codex',
+    '.omx',
+    '.omc',
+    'logs',
+    '.test-reports',
+    '.webpresso/generated',
+];
+export function isIgnoredNoFirstPartyMjsPath(relativePath) {
+    const normalized = relativePath.replace(/\\/gu, '/');
+    return IGNORED_PATH_PREFIXES.some((prefix) => normalized === prefix || normalized.startsWith(`${prefix}/`));
+}
+export function findTrackedFirstPartyMjsPaths(trackedPaths) {
+    return trackedPaths
+        .map((path) => path.replace(/\\/gu, '/'))
+        .filter((path) => path.endsWith('.mjs'))
+        .filter((path) => !isIgnoredNoFirstPartyMjsPath(path))
+        .toSorted();
+}
+function fail(root, message) {
+    return {
+        ok: false,
+        title: 'no first-party .mjs',
+        checked: 0,
+        violations: [{ file: root, message }],
+    };
+}
+function resolveCanonicalRepoRoot(rootDirectory) {
+    const requestedRoot = resolve(rootDirectory);
+    let gitRoot;
+    try {
+        gitRoot = resolve(execFileSync('git', ['rev-parse', '--show-toplevel'], {
+            cwd: requestedRoot,
+            encoding: 'utf8',
+            stdio: ['ignore', 'pipe', 'pipe'],
+        }).trim());
+    }
+    catch {
+        return fail(requestedRoot, `run no-first-party-mjs from a canonical repo root; ${requestedRoot} is not a git repository root`);
+    }
+    if (requestedRoot !== gitRoot) {
+        return fail(requestedRoot, `run no-first-party-mjs from the canonical repo root ${gitRoot}; refusing to scan ${requestedRoot}`);
+    }
+    if (!existsSync(join(gitRoot, 'package.json'))) {
+        return fail(requestedRoot, `run no-first-party-mjs from a canonical repo root with package.json; ${gitRoot} does not qualify`);
+    }
+    return { ok: true, root: gitRoot };
+}
+function listTrackedFiles(root) {
+    const output = execFileSync('git', ['ls-files'], {
+        cwd: root,
+        encoding: 'utf8',
+        stdio: ['ignore', 'pipe', 'pipe'],
+    });
+    return output
+        .split('\n')
+        .map((line) => line.trim())
+        .filter(Boolean);
+}
+export function auditNoFirstPartyMjs(rootDirectory = process.cwd()) {
+    const canonical = resolveCanonicalRepoRoot(rootDirectory);
+    if ('violations' in canonical)
+        return canonical;
+    const violations = findTrackedFirstPartyMjsPaths(listTrackedFiles(canonical.root)).map((file) => ({
+        file,
+        message: 'tracked first-party .mjs files are forbidden; rename this file to .ts',
+    }));
+    return {
+        ok: violations.length === 0,
+        title: 'no first-party .mjs',
+        checked: violations.length,
+        violations,
+    };
+}
+//# sourceMappingURL=no-first-party-mjs.js.map

package/dist/esm/audit/repo-guardrails.d.ts

@@ -73,6 +73,23 @@ export interface NoRelativeParentImportsOptions {
  * tsconfig `extends`, `paths`, `references`, etc.
  */
 export declare function auditNoRelativeParentImports(root: string, options?: NoRelativeParentImportsOptions): RepoAuditResult;
+export interface TestIsolationOptions {
+    /** Directory to scan for test files. Defaults to `src`. */
+    srcDir?: string;
+    /** Test-file suffixes to inspect. Defaults to `.test.ts` / `.test.tsx`. */
+    extensions?: readonly string[];
+}
+/**
+ * Fail if any `*.test.ts` reaches the repo's own `catalog/` template source
+ * through `process.cwd()`. The catalog tree is the source of every
+ * agent-surface template, so a `process.cwd()`-anchored path is both brittle
+ * (it depends on the runner's working directory) and the exact pattern behind
+ * the scaffold-agents-md footgun, where a test read the live
+ * `catalog/AGENTS.md.tpl` off cwd. Anchor catalog reads to the package via the
+ * import.meta-based `resolveCatalogDir()` helper instead, and write only into
+ * `mkdtemp`/`tmpdir` sandboxes.
+ */
+export declare function auditTestIsolation(root: string, options?: TestIsolationOptions): RepoAuditResult;
 export interface NoRelativePackageScriptsOptions {
     /** Glob-style subdirectory patterns relative to root to skip. */
     excludeDirs?: readonly string[];

package/dist/esm/audit/repo-guardrails.js

@@ -809,6 +809,81 @@ function walkTsconfigParentPaths(startDir, reportRoot, violations) {
     walk(startDir);
     return checked;
 }
+const TEST_ISOLATION_SKIP_DIRS = new Set([
+    'node_modules',
+    'dist',
+    'build',
+    '.git',
+    '.cache',
+    '.next',
+    '.turbo',
+    '.omx',
+    '.stryker-tmp',
+    '.claude',
+    // Scaffolding templates become a downstream consumer's tree, not ours.
+    'template',
+    // Workspace-level scratch/archive space.
+    '_sandbox',
+]);
+// `(join|resolve)(process.cwd(), ... 'catalog' ...)` — a test reaching into the
+// live catalog template source off the runner's working directory.
+const CWD_CATALOG_PATH_PATTERN = /\b(?:join|resolve)\s*\(\s*process\.cwd\(\)[^)]*\bcatalog\b/;
+/**
+ * Fail if any `*.test.ts` reaches the repo's own `catalog/` template source
+ * through `process.cwd()`. The catalog tree is the source of every
+ * agent-surface template, so a `process.cwd()`-anchored path is both brittle
+ * (it depends on the runner's working directory) and the exact pattern behind
+ * the scaffold-agents-md footgun, where a test read the live
+ * `catalog/AGENTS.md.tpl` off cwd. Anchor catalog reads to the package via the
+ * import.meta-based `resolveCatalogDir()` helper instead, and write only into
+ * `mkdtemp`/`tmpdir` sandboxes.
+ */
+export function auditTestIsolation(root, options = {}) {
+    const srcDir = resolve(root, options.srcDir ?? 'src');
+    const extensions = options.extensions ?? ['.test.ts', '.test.tsx'];
+    const violations = [];
+    let checked = 0;
+    function walk(dir) {
+        if (!existsSync(dir))
+            return;
+        for (const entry of readdirSync(dir, { withFileTypes: true })) {
+            const full = join(dir, entry.name);
+            if (entry.isDirectory()) {
+                if (TEST_ISOLATION_SKIP_DIRS.has(entry.name))
+                    continue;
+                walk(full);
+                continue;
+            }
+            if (!entry.isFile())
+                continue;
+            if (!extensions.some((ext) => entry.name.endsWith(ext)))
+                continue;
+            checked++;
+            const content = readFileSync(full, 'utf-8');
+            const rel = relativePath(root, full);
+            const lines = content.split('\n');
+            for (let i = 0; i < lines.length; i++) {
+                const line = lines[i] ?? '';
+                // Skip comment lines so prose referencing the pattern doesn't trip it.
+                if (/^\s*(?:\/\/|\/\*|\*)/.test(line))
+                    continue;
+                if (CWD_CATALOG_PATH_PATTERN.test(line)) {
+                    violations.push({
+                        file: rel,
+                        message: `Line ${i + 1}: test reads the catalog template source via process.cwd() — anchor catalog reads to the package with resolveCatalogDir() (import.meta-based) so the test does not depend on the runner's working directory: ${line.trim()}`,
+                    });
+                }
+            }
+        }
+    }
+    walk(srcDir);
+    return {
+        ok: violations.length === 0,
+        title: 'test-isolation',
+        checked,
+        violations,
+    };
+}
 function withFilePrefix(file, auditResult) {
     return {
         ...auditResult,

package/dist/esm/blueprint/aggregate.d.ts

@@ -50,9 +50,9 @@ export declare const readTargetSchema: z.ZodObject<{
     project_id: z.ZodOptional<z.ZodString>;
     scope: z.ZodOptional<z.ZodEnum<{
         all: "all";
+        workspace: "workspace";
         current: "current";
         roots: "roots";
-        workspace: "workspace";
     }>>;
 }, z.core.$strict>;
 export type ReadTarget = z.infer<typeof readTargetSchema>;

package/dist/esm/blueprint/core/schema.d.ts

@@ -39,8 +39,8 @@ export declare const lifecycleBlueprintStatusSchema: z.ZodEnum<{
  */
 export declare const taskStatusSchema: z.ZodEnum<{
     blocked: "blocked";
-    todo: "todo";
     done: "done";
+    todo: "todo";
     in_progress: "in_progress";
 }>;
 /**

package/dist/esm/blueprint/db/enums.d.ts

@@ -27,8 +27,8 @@ export declare const blueprintComplexitySchema: z.ZodEnum<{
 export declare const taskStatusSchema: z.ZodEnum<{
     blocked: "blocked";
     "in-progress": "in-progress";
-    todo: "todo";
     done: "done";
+    todo: "todo";
     dropped: "dropped";
 }>;
 export declare const techDebtStatusSchema: z.ZodEnum<{

package/dist/esm/cli/commands/audit-core.d.ts

@@ -1,5 +1,5 @@
 import type { RepoAuditResult } from '#audit/repo-guardrails';
-export type AuditKind = 'tph' | 'tph-e2e' | 'bundle-budget' | 'commit-message' | 'blueprint-lifecycle' | 'roadmap-links' | 'docs-frontmatter' | 'catalog-drift' | 'package-surface' | 'agents' | 'tech-debt' | 'no-relative-parent-imports' | 'no-link-protocol' | 'vision' | 'bucket-boundary' | 'skill-sizes' | 'broken-refs' | 'memory-rotation' | 'gitignore-agent-surfaces' | 'memory-unified' | 'compile-drift' | 'architecture-drift' | 'cloudflare-deploy-contract' | 'toolchain-isolation' | 'absolute-path-policy' | 'agent-cost' | 'blueprint-db-consistency' | 'blueprint-lifecycle-sql' | 'tech-debt-cadence' | 'cross-repo-correlation' | 'ai-contracts' | 'mutation' | 'quality' | 'guardrails' | 'hook-surface' | 'no-relative-package-scripts';
+export type AuditKind = 'tph' | 'tph-e2e' | 'bundle-budget' | 'commit-message' | 'blueprint-lifecycle' | 'roadmap-links' | 'docs-frontmatter' | 'catalog-drift' | 'package-surface' | 'agents' | 'tech-debt' | 'no-relative-parent-imports' | 'no-link-protocol' | 'vision' | 'bucket-boundary' | 'skill-sizes' | 'broken-refs' | 'memory-rotation' | 'gitignore-agent-surfaces' | 'memory-unified' | 'compile-drift' | 'architecture-drift' | 'cloudflare-deploy-contract' | 'toolchain-isolation' | 'absolute-path-policy' | 'no-first-party-mjs' | 'agent-cost' | 'blueprint-db-consistency' | 'blueprint-lifecycle-sql' | 'tech-debt-cadence' | 'cross-repo-correlation' | 'ai-contracts' | 'mutation' | 'quality' | 'guardrails' | 'hook-surface' | 'no-relative-package-scripts';
 export type AuditOutcome = {
     kind: 'invalid-usage';
     message: string;

package/dist/esm/cli/commands/audit.js

@@ -32,6 +32,7 @@ const REPO_AUDIT_REGISTRY = {
     }),
     'no-link-protocol': async (root) => (await import('#audit/repo-guardrails')).auditNoLinkProtocol(root),
     'no-relative-package-scripts': async (root) => (await import('#audit/repo-guardrails')).auditNoRelativePackageScripts(root),
+    'test-isolation': async (root) => (await import('#audit/repo-guardrails')).auditTestIsolation(root),
     'bucket-boundary': async (root, options) => (await import('#audit/bucket-boundary')).auditBucketBoundary(root, {
         changedOnly: options.changedOnly,
         strict: options.strict,
@@ -61,6 +62,7 @@ const REPO_AUDIT_REGISTRY = {
     'cloudflare-deploy-contract': async (root) => (await import('#audit/cloudflare-deploy-contract')).auditCloudflareDeployContract(root),
     'toolchain-isolation': async (root) => (await import('#audit/toolchain-isolation')).auditToolchainIsolation(root),
     'absolute-path-policy': async (root) => (await import('#audit/absolute-path-policy')).auditAbsolutePathPolicy(root),
+    'no-first-party-mjs': async (root) => (await import('#audit/no-first-party-mjs')).auditNoFirstPartyMjs(root),
     'agent-cost': async (root) => (await import('#audit/agent-cost')).auditAgentCost(root),
     'blueprint-db-consistency': async (root) => (await import('#audit/blueprint-db-consistency')).auditBlueprintDbConsistency(root),
     'blueprint-lifecycle-sql': async (root) => (await import('#audit/blueprint-lifecycle-sql')).auditBlueprintLifecycleSql(root),

package/dist/esm/cli/commands/init/config.d.ts

@@ -16,6 +16,14 @@ export interface AgentkitConfig {
         serverName?: string;
         toolPrefix?: string;
     };
+    /** Pretool-guard routing policy. `mechanism` lives in agent-kit; this is the
+     *  per-repo `data`. `scriptRoutes` maps a package-script name (e.g.
+     *  `docs:check`) to a `wp_audit` kind; `packageManager: 'vp-only'` opts into
+     *  routing all raw `pnpm`/`npm` invocations to the `vp` facade. */
+    guard?: {
+        packageManager?: 'vp-only';
+        scriptRoutes?: Record<string, string>;
+    };
     rules: {
         overrides: string[];
     };

package/dist/esm/cli/commands/init/config.js

@@ -48,6 +48,18 @@ export function readConfig(repoRoot) {
         const normalizedMcp = serverName || toolPrefix
             ? { ...(serverName ? { serverName } : {}), ...(toolPrefix ? { toolPrefix } : {}) }
             : undefined;
+        const guard = parsed.guard;
+        const packageManager = guard?.packageManager === 'vp-only' ? 'vp-only' : undefined;
+        const rawScriptRoutes = guard?.scriptRoutes && typeof guard.scriptRoutes === 'object'
+            ? Object.fromEntries(Object.entries(guard.scriptRoutes).filter(([key, value]) => typeof key === 'string' && typeof value === 'string'))
+            : undefined;
+        const scriptRoutes = rawScriptRoutes && Object.keys(rawScriptRoutes).length > 0 ? rawScriptRoutes : undefined;
+        const normalizedGuard = packageManager || scriptRoutes
+            ? {
+                ...(packageManager ? { packageManager } : {}),
+                ...(scriptRoutes ? { scriptRoutes } : {}),
+            }
+            : undefined;
         const selectedHosts = Array.isArray(hosts?.selected)
             ? hosts.selected.filter((s) => ['codex', 'claude', 'opencode'].includes(String(s)))
             : [];
@@ -66,6 +78,7 @@ export function readConfig(repoRoot) {
                 ...(visibility ? { visibility } : {}),
             },
             ...(normalizedMcp ? { mcp: normalizedMcp } : {}),
+            ...(normalizedGuard ? { guard: normalizedGuard } : {}),
             rules: { overrides: overrides.filter((s) => typeof s === 'string') },
             scripts: {
                 'setup-agent': readOptionalString(scripts?.['setup-agent']),
@@ -93,11 +106,22 @@ export function mergeConfig(existing, incoming) {
             ...incoming.mcp,
         }
         : undefined;
+    const mergedScriptRoutes = existing.guard?.scriptRoutes || incoming.guard?.scriptRoutes
+        ? { ...existing.guard?.scriptRoutes, ...incoming.guard?.scriptRoutes }
+        : undefined;
+    const mergedGuard = existing.guard || incoming.guard
+        ? {
+            ...existing.guard,
+            ...incoming.guard,
+            ...(mergedScriptRoutes ? { scriptRoutes: mergedScriptRoutes } : {}),
+        }
+        : undefined;
     return {
         version: incoming.version,
         installed: { tier3Skills: tier3 },
         hosts: incoming.hosts ?? existing.hosts,
         ...(mergedMcp ? { mcp: mergedMcp } : {}),
+        ...(mergedGuard ? { guard: mergedGuard } : {}),
         rules: { overrides },
         scripts: {
             'setup-agent': incoming.scripts['setup-agent'] ?? existing.scripts['setup-agent'],

package/dist/esm/cli/commands/init/detect-consumer.d.ts

@@ -45,5 +45,16 @@ export declare function discoverWorkspacePackages(repoRoot: string, globs: strin
  * class that the catch-wrap doesn't surface.
  */
 export declare function warnIfNonLocalCli(repoRoot: string, cliUrl?: string): void;
+/**
+ * agent-kit's own package name — the source repo for every agent-surface
+ * template (`catalog/`, the tracked `.agent/`/`.claude/` surfaces). Scaffolding
+ * into this repo overwrites the canonical sources, so `wp setup` refuses it
+ * unless explicitly overridden. Distinct from base-kit's broader
+ * `SELF_PACKAGE_NAMES` (which also covers the legacy `webpresso` framework
+ * identity); only agent-kit hosts the catalog templates.
+ */
+export declare const AGENT_KIT_PACKAGE_NAME = "@webpresso/agent-kit";
+/** True when the consumer being scaffolded is agent-kit's own template-source repo. */
+export declare function isAgentKitTemplateSourceRepo(packageName: string | undefined): boolean;
 export declare function detectConsumer(startDir?: string): ConsumerContext | null;
 //# sourceMappingURL=detect-consumer.d.ts.map

package/dist/esm/cli/commands/init/detect-consumer.js

@@ -261,6 +261,19 @@ export function warnIfNonLocalCli(repoRoot, cliUrl = import.meta.url) {
             ? 'This repo already pins `webpresso`; rerun via the repo-local CLI (`vp run setup:agent` or `vp exec wp setup`).'
             : 'Pin `webpresso` as a local dep for reproducible setup.'));
 }
+/**
+ * agent-kit's own package name — the source repo for every agent-surface
+ * template (`catalog/`, the tracked `.agent/`/`.claude/` surfaces). Scaffolding
+ * into this repo overwrites the canonical sources, so `wp setup` refuses it
+ * unless explicitly overridden. Distinct from base-kit's broader
+ * `SELF_PACKAGE_NAMES` (which also covers the legacy `webpresso` framework
+ * identity); only agent-kit hosts the catalog templates.
+ */
+export const AGENT_KIT_PACKAGE_NAME = '@webpresso/agent-kit';
+/** True when the consumer being scaffolded is agent-kit's own template-source repo. */
+export function isAgentKitTemplateSourceRepo(packageName) {
+    return packageName === AGENT_KIT_PACKAGE_NAME;
+}
 export function detectConsumer(startDir = process.cwd()) {
     const repoRoot = findGitRoot(startDir);
     if (!repoRoot)

package/dist/esm/cli/commands/init/index.d.ts

@@ -11,6 +11,7 @@ export interface InitFlags {
     cwd?: string;
     strict?: boolean;
     project?: boolean;
+    allowSelfScaffold?: boolean;
 }
 export declare const EXIT_SUCCESS = 0;
 export declare const EXIT_SETUP_FAIL = 1;

package/dist/esm/cli/commands/init/index.js

@@ -14,7 +14,7 @@ import { readPackageVersion } from '#cli/utils';
 import { resolveBlueprintRoot } from '#utils/blueprint-root';
 import { runUnifiedSync } from '#symlinker/unified-sync';
 import { defaultConfig, mergeConfig, readConfig, writeConfig, } from './config.js';
-import { detectConsumer, warnIfNonLocalCli } from './detect-consumer.js';
+import { detectConsumer, isAgentKitTemplateSourceRepo, warnIfNonLocalCli, } from './detect-consumer.js';
 import { runPreflight, DOCS_URL } from './preflight.js';
 import { summarizeResults } from './merge.js';
 import { resolveTier3Selection } from './prompts.js';
@@ -138,6 +138,19 @@ export async function runInit(flags) {
             `Run \`git init\` first, or pass --cwd pointing at a git working tree.`);
         return EXIT_SETUP_FAIL;
     }
+    // Self-repo guard: agent-kit is the SOURCE of every agent-surface template
+    // (catalog/, the tracked .agent/.claude surfaces). Scaffolding into its own
+    // working tree overwrites those canonical sources — the footgun where a stray
+    // `wp setup` reported `overwritten: 2, drifted: 11, git index cleanup: 6
+    // untracked` against the live repo. Refuse loudly and write nothing unless the
+    // maintainer explicitly opts in with --allow-self-scaffold.
+    if (isAgentKitTemplateSourceRepo(consumer.packageJson?.name) && flags.allowSelfScaffold !== true) {
+        console.error(`wp setup: refusing to scaffold @webpresso/agent-kit's own repo (${consumer.repoRoot}).\n` +
+            `  This repo is the source of the agent-surface templates; running setup here\n` +
+            `  overwrites the canonical sources under catalog/ and the tracked .agent/.claude surfaces.\n` +
+            `  To deliberately regenerate agent-kit's own surfaces, re-run with --allow-self-scaffold.`);
+        return EXIT_SETUP_FAIL;
+    }
     warnIfNonLocalCli(consumer.repoRoot);
     // Run the 5-point compatibility preflight before any scaffolders fire.
     const preflightResult = await runPreflight(consumer.repoRoot, flags.strict ?? false);
@@ -839,6 +852,7 @@ export function registerInitCommand(cli, commandName = 'init') {
         .option('--cwd <dir>', 'Working tree to scaffold into (default: process.cwd())')
         .option('--strict', 'Abort if any compatibility check fails (default: warn and continue)')
         .option('--project', 'Configure OMX/OMC in project scope instead of the default user scope')
+        .option('--allow-self-scaffold', "Override the self-repo guard to scaffold @webpresso/agent-kit's own template-source repo (maintainers only)")
         .action(async (flags) => {
         const code = await runInit(flags);
         if (code !== EXIT_SUCCESS) {

package/dist/esm/cli/commands/init/scaffolders/agent-hooks/index.js

@@ -13,6 +13,7 @@ import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from 'n
 import { homedir } from 'node:os';
 import { dirname, join, resolve } from 'node:path';
 import { fileURLToPath } from 'node:url';
+import { isHookName } from '#cli/commands/hook.js';
 import { patchJsonFile } from '#cli/commands/init/merge';
 import { CodexAppServerClient } from '#codex/app-server/client.js';
 import { normalizeGlobalCodexHooksFile, resolveBinaryOnPath, } from '#cli/commands/init/scaffolders/agent-hooks/codex-global-normalize';
@@ -623,13 +624,65 @@ function resolvePackageRoot() {
     }
     throw new Error('wp setup: could not locate @webpresso/agent-kit package root for hook launchers.');
 }
+// Consumer-side runtime package directory for the current platform. Mirrors the
+// canonical target table in `src/build/runtime-targets.ts`; kept inline here to
+// avoid a deep cross-tree import for a small lookup. If that target list ever
+// changes, update both. Returns undefined for platforms with no compiled
+// runtime package.
+function compiledRuntimePackageDir() {
+    const osLabel = process.platform === 'win32' ? 'windows' : process.platform;
+    const id = `${osLabel}-${process.arch}`;
+    const known = new Set(['darwin-arm64', 'darwin-x64', 'linux-x64', 'linux-arm64', 'windows-x64']);
+    return known.has(id) ? `agent-kit-runtime-${id}` : undefined;
+}
+/**
+ * Absolute path to the consumer's self-contained compiled `wp` binary, when the
+ * platform runtime package (`@webpresso/agent-kit-runtime-<platform>`) is
+ * installed. The compiled binary bundles its own runtime, so preferring it makes
+ * the hook launcher survive node-path staleness — an nvm/version change
+ * invalidates the captured absolute node path but not a self-contained binary.
+ * Returns undefined when no compiled runtime is installed (today's default), so
+ * the launcher keeps its absolute-node fallback unchanged.
+ */
+function resolveCompiledWpBinary(repoRoot) {
+    const packageDir = compiledRuntimePackageDir();
+    if (!packageDir)
+        return undefined;
+    const filename = process.platform === 'win32' ? 'wp.exe' : 'wp';
+    const candidate = join(repoRoot, 'node_modules', '@webpresso', packageDir, 'bin', filename);
+    return existsSync(candidate) ? candidate : undefined;
+}
+/**
+ * The `wp hook <sub>` subcommand a managed launcher should dispatch to via the
+ * compiled binary, or undefined when `binName` is not a dispatchable hook (e.g.
+ * `wp-check-dev-link`, which has no `wp hook` handler). The names map 1:1 by
+ * stripping the `wp-` prefix; `isHookName` is the single source of truth.
+ */
+function hookSubcommandFor(binName) {
+    const sub = binName.startsWith('wp-') ? binName.slice(3) : binName;
+    return isHookName(sub) ? sub : undefined;
+}
 function renderManagedWebpressoHookLauncher(repoRoot, binName) {
     const nodeBinary = quoteShell(process.execPath);
     const projectBinPath = quoteShell(resolveProjectHookBinPath(repoRoot, binName));
     const fallbackBinPath = quoteShell(resolvePackageHookBin(binName));
     const missingFallback = binName === PRETOOL_GUARD_BIN ? PRETOOL_GUARD_MISSING_DENY : 'exit 0';
+    // Prefer the self-contained compiled `wp` binary when it resolves: it bundles
+    // its own runtime, so it is immune to the node-path staleness that would break
+    // the absolute `$NODE_BINARY` path below. Only emitted for dispatchable hooks
+    // with an installed compiled runtime; otherwise the node path is unchanged.
+    const hookSub = hookSubcommandFor(binName);
+    const compiledWp = hookSub ? resolveCompiledWpBinary(repoRoot) : undefined;
+    const compiledPreamble = compiledWp !== undefined
+        ? `WP_BIN=${quoteShell(compiledWp)}
+if [ -x "$WP_BIN" ]; then
+  exec "$WP_BIN" hook ${hookSub} "$@"
+fi
+
+`
+        : '';
     return `#!/bin/sh
-NODE_BINARY=${nodeBinary}
+${compiledPreamble}NODE_BINARY=${nodeBinary}
 PROJECT_BIN_PATH=${projectBinPath}
 FALLBACK_BIN_PATH=${fallbackBinPath}
 

package/dist/esm/cli/commands/init/scaffolders/omx/index.d.ts

@@ -1,8 +1,9 @@
 /**
  * `omx` scaffolder preset.
  *
- * Ensures `omx` is installed, then chains `omx setup --yes --scope user` after the
- * webpresso scaffold completes. OMX (oh-my-codex) is the operator-workflow
+ * Refreshes Vite+ (`vp`), ensures `omx` is installed, then chains
+ * `omx setup --yes --scope user` after the webpresso scaffold completes.
+ * OMX (oh-my-codex) is the operator-workflow
  * execution layer; it manages its own scaffolding idempotently.
  *
  * Required when downstream features rely on `omx team` (see
@@ -55,7 +56,8 @@ type OmxSetupScope = 'user' | 'project';
 export declare function deduplicateCodexHookTrustState(config: string): string;
 export declare function migrateDeprecatedCodexHooksFeatureFlag(raw: string): string;
 /**
- * Ensure `omx` is on PATH then run `omx setup --yes --scope user` in the consumer repo.
+ * Refresh `vp`, ensure `omx` is on PATH, then run
+ * `omx setup --yes --scope user` in the consumer repo.
  * Idempotent: safe to run on every `wp setup`.
  */
 export declare function ensureOmx(input: EnsureOmxInput): EnsureOmxResult;

package/dist/esm/cli/commands/init/scaffolders/omx/index.js

@@ -1,8 +1,9 @@
 /**
  * `omx` scaffolder preset.
  *
- * Ensures `omx` is installed, then chains `omx setup --yes --scope user` after the
- * webpresso scaffold completes. OMX (oh-my-codex) is the operator-workflow
+ * Refreshes Vite+ (`vp`), ensures `omx` is installed, then chains
+ * `omx setup --yes --scope user` after the webpresso scaffold completes.
+ * OMX (oh-my-codex) is the operator-workflow
  * execution layer; it manages its own scaffolding idempotently.
  *
  * Required when downstream features rely on `omx team` (see
@@ -14,7 +15,7 @@ import { homedir } from 'node:os';
 import { dirname, join, resolve, sep } from 'node:path';
 import { defaultCodexHooksPathFromConfig, normalizeGlobalCodexHooksFile, resolveBinaryOnPath, } from '#cli/commands/init/scaffolders/agent-hooks/codex-global-normalize';
 const NOT_FOUND_HINT = 'omx (oh-my-codex) is not on PATH after `vp install -g oh-my-codex`. Install it manually and re-run.';
-function shouldSkipOmxRefresh(env = process.env) {
+function shouldSkipManagedToolRefresh(env = process.env) {
     return env.WP_SKIP_UPDATE_CHECK === '1';
 }
 function defaultCodexConfigPath() {
@@ -190,7 +191,8 @@ function pruneEmptyProjectScopedDirs(repoRoot, relativeFile) {
     }
 }
 /**
- * Ensure `omx` is on PATH then run `omx setup --yes --scope user` in the consumer repo.
+ * Refresh `vp`, ensure `omx` is on PATH, then run
+ * `omx setup --yes --scope user` in the consumer repo.
  * Idempotent: safe to run on every `wp setup`.
  */
 export function ensureOmx(input) {
@@ -210,6 +212,9 @@ export function ensureOmx(input) {
         }
     }
     let installed = false;
+    if (!shouldSkipManagedToolRefresh()) {
+        spawn('vp', ['upgrade'], { stdio: 'inherit' });
+    }
     let probe = spawn('omx', ['--version'], { encoding: 'utf8' });
     if (probe.error || (probe.status !== null && probe.status !== 0)) {
         const install = spawn('vp', ['install', '-g', 'oh-my-codex'], { stdio: 'inherit' });
@@ -222,7 +227,7 @@ export function ensureOmx(input) {
             return { kind: 'omx-not-found', hint: NOT_FOUND_HINT };
         }
     }
-    else if (!shouldSkipOmxRefresh()) {
+    else if (!shouldSkipManagedToolRefresh()) {
         spawn('vp', ['update', '-g', 'oh-my-codex'], { stdio: 'inherit' });
     }
     const result = spawn('omx', ['setup', '--yes', '--scope', scope], {

package/dist/esm/config/docs-lint/schemas/agents.d.ts

@@ -17,8 +17,8 @@ export declare const agentsFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";
@@ -57,8 +57,8 @@ export declare const agentEntryFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";

package/dist/esm/config/docs-lint/schemas/audit.d.ts

@@ -18,8 +18,8 @@ export declare const auditFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";

package/dist/esm/config/docs-lint/schemas/common.d.ts

@@ -25,8 +25,8 @@ export declare const baseFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";

package/dist/esm/config/docs-lint/schemas/cookbook.d.ts

@@ -19,8 +19,8 @@ export declare const cookbookFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";

package/dist/esm/config/docs-lint/schemas/core.d.ts

@@ -18,8 +18,8 @@ export declare const coreFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";
@@ -54,8 +54,8 @@ export declare const readmeFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";
@@ -88,8 +88,8 @@ export declare const securityFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";
@@ -169,8 +169,8 @@ export declare const agentsFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";

package/dist/esm/config/docs-lint/schemas/evaluation.d.ts

@@ -19,8 +19,8 @@ export declare const evaluationFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";

package/dist/esm/config/docs-lint/schemas/ongoing-initiative.d.ts

@@ -38,8 +38,8 @@ export declare const planArtifactFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";
@@ -79,8 +79,8 @@ export declare const planReportFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";

package/dist/esm/config/docs-lint/schemas/rule.d.ts

@@ -18,8 +18,8 @@ export declare const ruleFrontmatter: z.ZodObject<{
         monitoring: "monitoring";
         resolved: "resolved";
         open: "open";
-        deprecated: "deprecated";
         current: "current";
+        deprecated: "deprecated";
         complete: "complete";
         active: "active";
         review: "review";

package/dist/esm/hooks/pretool-guard/validators/forbidden-commands.js

@@ -1,5 +1,6 @@
 import { readConfig } from '#cli/commands/init/config';
 import { getCommand, isBashInput } from '#hooks/shared/types';
+import { AUDIT_KINDS } from '#mcp/tools/_shared/audit-kinds';
 import { createSkipResult } from './skip-result.js';
 import { buildRedirectMessage } from './mcp-redirect.js';
 export const VALIDATOR_NAME = 'forbidden-commands';
@@ -445,6 +446,57 @@ export function createAuditResult(command, rule, options = {}) {
         matchedPattern: rule.pattern.source,
     };
 }
+const AUDIT_KIND_SET = new Set(AUDIT_KINDS);
+const WP_AUDIT_RE = /^wp\s+audit\s+([a-z0-9-]+)\b/u;
+const SCRIPT_INVOCATION_RE = /^(?:pnpm run|vp run|npm run|pnpm|npm)\s+([A-Za-z0-9:_-]+)/u;
+const RAW_PM_RE = /^(?:pnpm|npm)\b/u;
+function loadGuardConfig() {
+    const repoRoot = process.env.CLAUDE_PROJECT_DIR ?? process.cwd();
+    return readConfig(repoRoot)?.guard;
+}
+/** Build a guard redirect result; non-blocking ("[AUDIT] Would block") in audit mode. */
+function guardRedirect(message) {
+    if (process.env[AUDIT_MODE_ENV] === '1') {
+        return { validator: VALIDATOR_NAME, passed: true, message: `[AUDIT] Would block:\n${message}` };
+    }
+    return { validator: VALIDATOR_NAME, passed: false, message };
+}
+/** `wp audit <kind>` (CLI) → `wp_audit(kind=...)` (MCP). Generic; not gated on config. */
+function findWpAuditRedirect(command) {
+    for (const variant of getCommandVariants(command)) {
+        const kind = WP_AUDIT_RE.exec(variant)?.[1];
+        if (kind && AUDIT_KIND_SET.has(kind)) {
+            return `"${variant}" denied — use the MCP audit tool: mcp__webpresso__wp_audit(kind="${kind}"). Returns structured, summary-first results.`;
+        }
+    }
+    return undefined;
+}
+/** Repo-declared `guard.scriptRoutes`: a package script mapped to an audit kind. */
+function findScriptRouteRedirect(command, routes) {
+    for (const variant of getCommandVariants(command)) {
+        const script = SCRIPT_INVOCATION_RE.exec(variant)?.[1];
+        if (!script)
+            continue;
+        const kind = routes[script];
+        if (!kind)
+            continue;
+        if (!AUDIT_KIND_SET.has(kind)) {
+            process.stderr.write(`[forbidden-commands] guard.scriptRoutes["${script}"] -> "${kind}" is not a known audit kind; ignoring\n`);
+            continue;
+        }
+        return `"${variant}" denied — this repo routes \`${script}\` to an audit: mcp__webpresso__wp_audit(kind="${kind}").`;
+    }
+    return undefined;
+}
+/** `guard.packageManager: 'vp-only'`: route any remaining raw pnpm/npm to the vp facade. */
+function findVpOnlyRedirect(command) {
+    for (const variant of getCommandVariants(command)) {
+        if (RAW_PM_RE.test(variant)) {
+            return `"${variant}" denied — this repo is vp-only. Use the vp facade (\`vp install\`, \`vp run <script>\`, \`vp exec <bin>\`) or the matching wp_* MCP tool.`;
+        }
+    }
+    return undefined;
+}
 export function validateForbiddenCommands(input) {
     if (process.env[SKIP_ENV_VAR] === '1')
         return createSkipResult(VALIDATOR_NAME);
@@ -459,6 +511,20 @@ export function validateForbiddenCommands(input) {
             return createAuditResult(command, rule);
         return createBlockedResult(command, rule);
     }
+    const wpAuditRedirect = findWpAuditRedirect(command);
+    if (wpAuditRedirect)
+        return guardRedirect(wpAuditRedirect);
+    const guard = loadGuardConfig();
+    if (guard?.scriptRoutes) {
+        const redirect = findScriptRouteRedirect(command, guard.scriptRoutes);
+        if (redirect)
+            return guardRedirect(redirect);
+    }
+    if (guard?.packageManager === 'vp-only') {
+        const redirect = findVpOnlyRedirect(command);
+        if (redirect)
+            return guardRedirect(redirect);
+    }
     return { validator: VALIDATOR_NAME, passed: true };
 }
 //# sourceMappingURL=forbidden-commands.js.map

package/dist/esm/mcp/tools/_shared/audit-kinds.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Canonical list of `wp_audit` kinds — single source of truth.
+ *
+ * Imported by the `wp_audit` MCP tool (for its `kind` enum + dispatch) and by
+ * the pretool-guard (to validate repo `guard.scriptRoutes` targets and to
+ * redirect `wp audit <kind>` CLI calls to the MCP tool). Kept as a tiny
+ * dependency-free module so the hook runtime, which runs on every tool call,
+ * doesn't pull in the whole audit tool graph.
+ */
+export declare const AUDIT_KINDS: readonly ["tph", "tph-e2e", "agents", "catalog-drift", "package-surface", "docs-frontmatter", "blueprint-lifecycle", "architecture-drift", "cloudflare-deploy-contract", "absolute-path-policy", "no-first-party-mjs", "roadmap-links", "bundle-budget", "commit-message", "tech-debt", "hook-surface", "ai-contracts", "no-relative-package-scripts", "toolchain-isolation"];
+export type AuditKind = (typeof AUDIT_KINDS)[number];
+export declare function isAuditKind(value: string): value is AuditKind;
+//# sourceMappingURL=audit-kinds.d.ts.map

package/dist/esm/mcp/tools/_shared/audit-kinds.js

@@ -0,0 +1,34 @@
+/**
+ * Canonical list of `wp_audit` kinds — single source of truth.
+ *
+ * Imported by the `wp_audit` MCP tool (for its `kind` enum + dispatch) and by
+ * the pretool-guard (to validate repo `guard.scriptRoutes` targets and to
+ * redirect `wp audit <kind>` CLI calls to the MCP tool). Kept as a tiny
+ * dependency-free module so the hook runtime, which runs on every tool call,
+ * doesn't pull in the whole audit tool graph.
+ */
+export const AUDIT_KINDS = [
+    'tph',
+    'tph-e2e',
+    'agents',
+    'catalog-drift',
+    'package-surface',
+    'docs-frontmatter',
+    'blueprint-lifecycle',
+    'architecture-drift',
+    'cloudflare-deploy-contract',
+    'absolute-path-policy',
+    'no-first-party-mjs',
+    'roadmap-links',
+    'bundle-budget',
+    'commit-message',
+    'tech-debt',
+    'hook-surface',
+    'ai-contracts',
+    'no-relative-package-scripts',
+    'toolchain-isolation',
+];
+export function isAuditKind(value) {
+    return AUDIT_KINDS.includes(value);
+}
+//# sourceMappingURL=audit-kinds.js.map

package/dist/esm/mcp/tools/_shared/project-root.d.ts

@@ -8,10 +8,15 @@
  * `oxlint` spawned with the inherited cwd would lint the wrong tree.
  *
  * Resolution order, first hit wins:
- *   1. `CLAUDE_PROJECT_DIR` env var (when set by Claude Code hooks).
- *   2. Walk up from `process.cwd()` looking for a marker:
- *      `.git`, `pnpm-workspace.yaml`, then `package.json`.
- *   3. Loud throw — diagnosing a wrong-tree lint silently is worse than
+ *   1. `explicitCwd` — caller says "use exactly this", no walk.
+ *   2. An explicitly-passed `cwd` walked up to a marker (`.git`,
+ *      `pnpm-workspace.yaml`, then `package.json`). A deliberate caller cwd
+ *      outranks `CLAUDE_PROJECT_DIR`, which for a plugin-scope MCP server is
+ *      the whole session/workspace root. If the passed cwd has no marker, fall
+ *      back to `CLAUDE_PROJECT_DIR`, then throw — do not widen to `process.cwd()`.
+ *   3. `CLAUDE_PROJECT_DIR` env var (when no explicit cwd was passed).
+ *   4. Walk up from `process.cwd()` looking for a marker.
+ *   5. Loud throw — diagnosing a wrong-tree lint silently is worse than
  *      forcing the caller to pass an explicit cwd.
  *
  * The walk searches `.git` and `pnpm-workspace.yaml` *before* `package.json`

package/dist/esm/mcp/tools/_shared/project-root.js

@@ -8,10 +8,15 @@
  * `oxlint` spawned with the inherited cwd would lint the wrong tree.
  *
  * Resolution order, first hit wins:
- *   1. `CLAUDE_PROJECT_DIR` env var (when set by Claude Code hooks).
- *   2. Walk up from `process.cwd()` looking for a marker:
- *      `.git`, `pnpm-workspace.yaml`, then `package.json`.
- *   3. Loud throw — diagnosing a wrong-tree lint silently is worse than
+ *   1. `explicitCwd` — caller says "use exactly this", no walk.
+ *   2. An explicitly-passed `cwd` walked up to a marker (`.git`,
+ *      `pnpm-workspace.yaml`, then `package.json`). A deliberate caller cwd
+ *      outranks `CLAUDE_PROJECT_DIR`, which for a plugin-scope MCP server is
+ *      the whole session/workspace root. If the passed cwd has no marker, fall
+ *      back to `CLAUDE_PROJECT_DIR`, then throw — do not widen to `process.cwd()`.
+ *   3. `CLAUDE_PROJECT_DIR` env var (when no explicit cwd was passed).
+ *   4. Walk up from `process.cwd()` looking for a marker.
+ *   5. Loud throw — diagnosing a wrong-tree lint silently is worse than
  *      forcing the caller to pass an explicit cwd.
  *
  * The walk searches `.git` and `pnpm-workspace.yaml` *before* `package.json`
@@ -42,20 +47,39 @@ function walkUp(start, markers) {
     }
     return null;
 }
+/**
+ * Walk up from `start` to the nearest project root. Strong markers
+ * (`.git`, `pnpm-workspace.yaml`) anchor at the workspace root in preference to
+ * a closer weak marker (`package.json`) in a nested package dir.
+ */
+function walkToProjectRoot(start) {
+    return walkUp(start, STRONG_MARKERS) ?? walkUp(start, WEWP_MARKERS);
+}
 export function resolveProjectRoot(options = {}) {
     if (options.explicitCwd)
         return options.explicitCwd;
     const env = options.env ?? process.env;
     const fromEnv = env.CLAUDE_PROJECT_DIR;
+    // A caller-supplied cwd is a deliberate "scope to this project" signal and
+    // must outrank the ambient CLAUDE_PROJECT_DIR — for a plugin-scope MCP server
+    // that env var is the whole session/workspace root, so without this an
+    // explicit `wp_lint`/`wp_test` cwd would scan every sibling repo. Anchor at
+    // the cwd's project root; if it has no marker, defer to CLAUDE_PROJECT_DIR,
+    // then throw — never silently widen the search to process.cwd().
+    if (options.cwd) {
+        const fromCwd = walkToProjectRoot(options.cwd);
+        if (fromCwd)
+            return fromCwd;
+        if (fromEnv && fromEnv.length > 0)
+            return fromEnv;
+        throw new ProjectRootNotFoundError(options.cwd);
+    }
     if (fromEnv && fromEnv.length > 0)
         return fromEnv;
-    const start = options.cwd ?? process.cwd();
-    const fromStrong = walkUp(start, STRONG_MARKERS);
-    if (fromStrong)
-        return fromStrong;
-    const fromWeak = walkUp(start, WEWP_MARKERS);
-    if (fromWeak)
-        return fromWeak;
+    const start = process.cwd();
+    const fromCwd = walkToProjectRoot(start);
+    if (fromCwd)
+        return fromCwd;
     throw new ProjectRootNotFoundError(start);
 }
 //# sourceMappingURL=project-root.js.map

package/dist/esm/mcp/tools/_shared/result.d.ts

@@ -9,8 +9,8 @@ export declare const transformMetadataSchema: z.ZodObject<{
     toolName: z.ZodString;
     normalizedToolName: z.ZodString;
     tier: z.ZodEnum<{
-        registered: "registered";
         passthrough: "passthrough";
+        registered: "registered";
     }>;
     rawBytes: z.ZodNumber;
 }, z.core.$strip>;
@@ -38,8 +38,8 @@ export declare const summaryFirstResultSchema: z.ZodObject<{
         toolName: z.ZodString;
         normalizedToolName: z.ZodString;
         tier: z.ZodEnum<{
-            registered: "registered";
             passthrough: "passthrough";
+            registered: "registered";
         }>;
         rawBytes: z.ZodNumber;
     }, z.core.$strip>>;

package/dist/esm/mcp/tools/audit.d.ts

@@ -24,17 +24,19 @@ declare const inputSchema: z.ZodObject<{
         "tech-debt": "tech-debt";
         tph: "tph";
         "tph-e2e": "tph-e2e";
-        "bundle-budget": "bundle-budget";
-        "commit-message": "commit-message";
-        "blueprint-lifecycle": "blueprint-lifecycle";
-        "roadmap-links": "roadmap-links";
-        "docs-frontmatter": "docs-frontmatter";
         "catalog-drift": "catalog-drift";
         "package-surface": "package-surface";
+        "docs-frontmatter": "docs-frontmatter";
+        "blueprint-lifecycle": "blueprint-lifecycle";
         "architecture-drift": "architecture-drift";
         "cloudflare-deploy-contract": "cloudflare-deploy-contract";
         "absolute-path-policy": "absolute-path-policy";
+        "no-first-party-mjs": "no-first-party-mjs";
+        "roadmap-links": "roadmap-links";
+        "bundle-budget": "bundle-budget";
+        "commit-message": "commit-message";
         "ai-contracts": "ai-contracts";
+        "toolchain-isolation": "toolchain-isolation";
     }>;
     cwd: z.ZodOptional<z.ZodString>;
     directory: z.ZodOptional<z.ZodString>;

package/dist/esm/mcp/tools/audit.js

@@ -18,26 +18,9 @@ import { spawn } from 'node:child_process';
 import { z } from 'zod';
 import { resolveAuditScriptPath } from '#audit/resolve-audit-script';
 import { applyOutputTransform } from '#output-transforms/index';
+import { AUDIT_KINDS } from './_shared/audit-kinds.js';
 import { createSummaryOutputSchema, createSummaryResult } from './_shared/result.js';
-const KINDS = [
-    'tph',
-    'tph-e2e',
-    'agents',
-    'catalog-drift',
-    'package-surface',
-    'docs-frontmatter',
-    'blueprint-lifecycle',
-    'architecture-drift',
-    'cloudflare-deploy-contract',
-    'absolute-path-policy',
-    'roadmap-links',
-    'bundle-budget',
-    'commit-message',
-    'tech-debt',
-    'hook-surface',
-    'ai-contracts',
-    'no-relative-package-scripts',
-];
+const KINDS = AUDIT_KINDS;
 const inputSchema = z.object({
     kind: z.enum(KINDS),
     /** Working tree to run the audit against. Alias kept as `directory` for back-compat. */
@@ -176,6 +159,26 @@ async function dispatch(input) {
                 details: auditResult,
             };
         }
+        case 'no-first-party-mjs': {
+            const { auditNoFirstPartyMjs } = await import('#audit/no-first-party-mjs');
+            const auditResult = auditNoFirstPartyMjs(input.cwd ?? input.directory ?? process.cwd());
+            return {
+                passed: auditResult.ok,
+                summary: summarizeRepoAudit(kind, auditResult),
+                kind,
+                details: auditResult,
+            };
+        }
+        case 'toolchain-isolation': {
+            const { auditToolchainIsolation } = await import('#audit/toolchain-isolation');
+            const auditResult = auditToolchainIsolation(input.cwd ?? input.directory ?? process.cwd());
+            return {
+                passed: auditResult.ok,
+                summary: summarizeRepoAudit(kind, auditResult),
+                kind,
+                details: auditResult,
+            };
+        }
         case 'roadmap-links': {
             const { auditRoadmapLinks } = await import('#audit/roadmap-links');
             const auditResult = auditRoadmapLinks(input.cwd ?? input.directory ?? process.cwd());
@@ -304,7 +307,7 @@ async function dispatch(input) {
 }
 const tool = {
     name: 'wp_audit',
-    description: 'Run a packaged repo audit. `kind` selects the audit (tph, tph-e2e, catalog-drift, docs-frontmatter, blueprint-lifecycle, architecture-drift, absolute-path-policy, roadmap-links, bundle-budget, commit-message, tech-debt, hook-surface, package-surface, no-relative-package-scripts). Returns {passed, kind, details}.',
+    description: 'Run a packaged repo audit. `kind` selects the audit (tph, tph-e2e, catalog-drift, docs-frontmatter, blueprint-lifecycle, architecture-drift, absolute-path-policy, no-first-party-mjs, roadmap-links, bundle-budget, commit-message, tech-debt, hook-surface, package-surface, no-relative-package-scripts). Returns {passed, kind, details}.',
     inputSchema,
     outputSchema,
     annotations: {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@webpresso/agent-kit",
-  "version": "0.26.2",
+  "version": "0.27.0",
   "private": false,
   "repository": {
     "type": "git",
@@ -710,10 +710,10 @@
     "@stryker-mutator/typescript-checker": "^9.6.1",
     "@playwright/test": "^1.55.0",
     "wrangler": "^4.50.0",
-    "@webpresso/agent-kit-runtime-darwin-arm64": "0.26.2",
-    "@webpresso/agent-kit-runtime-darwin-x64": "0.26.2",
-    "@webpresso/agent-kit-runtime-linux-x64": "0.26.2",
-    "@webpresso/agent-kit-runtime-linux-arm64": "0.26.2",
-    "@webpresso/agent-kit-runtime-windows-x64": "0.26.2"
+    "@webpresso/agent-kit-runtime-darwin-arm64": "0.27.0",
+    "@webpresso/agent-kit-runtime-darwin-x64": "0.27.0",
+    "@webpresso/agent-kit-runtime-linux-x64": "0.27.0",
+    "@webpresso/agent-kit-runtime-linux-arm64": "0.27.0",
+    "@webpresso/agent-kit-runtime-windows-x64": "0.27.0"
   }
 }