@webpresso/agent-kit 0.28.0 → 0.29.1

package/dist/esm/audit/package-surface.js

@@ -1,7 +1,8 @@
 import { execFileSync } from 'node:child_process';
-import { copyFileSync, existsSync, mkdirSync, mkdtempSync, readFileSync, readdirSync, rmSync, } from 'node:fs';
+import { copyFileSync, existsSync, lstatSync, mkdirSync, mkdtempSync, readFileSync, readdirSync, rmSync, } from 'node:fs';
 import { tmpdir } from 'node:os';
 import { basename, dirname, join, relative, resolve } from 'node:path';
+import { AGENT_KIT_TARBALL_SIZE_BUDGET_BYTES, AGENT_KIT_TARBALL_UNPACKED_SIZE_BUDGET_BYTES, evaluateAgentKitTarballSizeBudget, } from '#build/runtime-surface-policy.js';
 const DEFAULT_ALLOWED_PUBLIC_PACKAGES = [
     '@webpresso/webpresso',
     '@webpresso/agent-kit',
@@ -179,7 +180,10 @@ export function stagePublishableTarballSurface(rootDirectory, destinationDirecto
     const packages = discoverPublishablePackages(root);
     let fileCount = 0;
     for (const candidate of packages) {
-        const packedFiles = readPackedFiles(candidate.packageRoot);
+        const packEntry = readPackedEntry(candidate.packageRoot);
+        const packedFiles = Array.isArray(packEntry.files)
+            ? packEntry.files.filter((item) => Boolean(item?.path))
+            : [];
         stagePackedFiles(root, destinationRoot, candidate, packedFiles);
         fileCount += packedFiles.length;
     }
@@ -244,9 +248,9 @@ function auditPackedTarballSurface(root, contract, violations) {
     ];
     let checked = 0;
     for (const candidate of packages) {
-        let packedFiles;
+        let packEntry;
         try {
-            packedFiles = readPackedFiles(candidate.packageRoot);
+            packEntry = readPackedEntry(candidate.packageRoot);
         }
         catch (error) {
             violations.push({
@@ -256,6 +260,9 @@ function auditPackedTarballSurface(root, contract, violations) {
             checked += 1;
             continue;
         }
+        const packedFiles = Array.isArray(packEntry.files)
+            ? packEntry.files.filter((item) => Boolean(item?.path))
+            : [];
         checked += packedFiles.length;
         for (const packedFile of packedFiles) {
             const repoRelative = packageFileToRepoRelative(root, candidate, packedFile.path);
@@ -267,11 +274,72 @@ function auditPackedTarballSurface(root, contract, violations) {
                 });
             }
         }
+        checked += auditAgentKitNativeRuntimeSurface(root, candidate, packEntry, packedFiles, violations);
         checked += auditPackedTarballContent(root, candidate, packedFiles, forbiddenContentRules, allowedContentRules, allowedPathRules, deepScanExcludedPathPrefixes, violations);
         checked += auditPackedTarballSecrets(root, candidate, packedFiles, forbiddenPathRules, allowedPathRules, allowedSecretlintMessageIds, deepScanExcludedPathPrefixes, violations);
     }
     return checked;
 }
+function auditAgentKitNativeRuntimeSurface(root, candidate, packEntry, packedFiles, violations) {
+    if (candidate.name !== '@webpresso/agent-kit')
+        return 0;
+    const manifestPath = join(candidate.packageRoot, 'bin', 'runtime-manifest.json');
+    if (!existsSync(manifestPath)) {
+        violations.push({
+            file: relativePath(root, join(candidate.packageRoot, 'bin', 'runtime-manifest.json')),
+            message: 'Native runtime manifest is missing from the publishable package surface',
+        });
+        return 1;
+    }
+    const packedPaths = new Set(packedFiles.map((file) => file.path));
+    const requiredPackedPaths = new Set(['bin/runtime-manifest.json', 'bin/wp']);
+    const deniedPackedPrefixes = ['bin/runtime/', 'dist/runtime/', 'dist/runtime-packages/'];
+    for (const requiredPath of requiredPackedPaths) {
+        if (packedPaths.has(requiredPath))
+            continue;
+        violations.push({
+            file: relativePath(root, join(candidate.packageRoot, requiredPath)),
+            message: `Publishable tarball is missing required native runtime artifact ${requiredPath}`,
+        });
+    }
+    for (const packedPath of packedPaths) {
+        if (!deniedPackedPrefixes.some((prefix) => packedPath.startsWith(prefix)))
+            continue;
+        violations.push({
+            file: relativePath(root, join(candidate.packageRoot, packedPath)),
+            message: `Publishable tarball contains denied native runtime payload ${packedPath}`,
+        });
+    }
+    const stagedLauncherPath = join(candidate.packageRoot, 'bin', 'wp');
+    if (!existsSync(stagedLauncherPath)) {
+        violations.push({
+            file: relativePath(root, stagedLauncherPath),
+            message: 'Publishable native launcher bin/wp is missing',
+        });
+    }
+    else if (lstatSync(stagedLauncherPath).isSymbolicLink()) {
+        violations.push({
+            file: relativePath(root, stagedLauncherPath),
+            message: 'Publishable native launcher bin/wp must be a real file, not a symlink',
+        });
+    }
+    else if (!isRootWpDispatcher(stagedLauncherPath)) {
+        violations.push({
+            file: relativePath(root, stagedLauncherPath),
+            message: 'Publishable native launcher bin/wp must be the cross-platform JS dispatcher, not a native binary',
+        });
+    }
+    const sizeBudget = evaluateAgentKitTarballSizeBudget(packEntry);
+    if (!sizeBudget.sizeOk || !sizeBudget.unpackedOk) {
+        violations.push({
+            file: relativePath(root, candidate.packageFile),
+            message: `Publishable tarball exceeds native-runtime size budget: size=${sizeBudget.size}/` +
+                `${AGENT_KIT_TARBALL_SIZE_BUDGET_BYTES}, unpacked=${sizeBudget.unpackedSize}/` +
+                `${AGENT_KIT_TARBALL_UNPACKED_SIZE_BUDGET_BYTES}`,
+        });
+    }
+    return requiredPackedPaths.size + 2 + packedFiles.length;
+}
 function auditPackedTarballContent(root, candidate, packedFiles, forbiddenRules, allowedRules, allowedPathRules, deepScanExcludedPathPrefixes, violations) {
     let checked = 0;
     for (const packedFile of packedFiles) {
@@ -297,6 +365,10 @@ function auditPackedTarballContent(root, candidate, packedFiles, forbiddenRules,
     }
     return checked;
 }
+function isRootWpDispatcher(path) {
+    const text = readPackedText(path);
+    return Boolean(text?.startsWith('#!/usr/bin/env node') && text.includes("runNamedBin('wp')"));
+}
 function auditPackedTarballSecrets(root, candidate, packedFiles, forbiddenPathRules, allowedPathRules, allowedMessageIds, deepScanExcludedPathPrefixes, violations) {
     const packageRelativeRoot = relativePath(root, candidate.packageRoot);
     const secretlintCandidates = packedFiles.filter((packedFile) => {
@@ -366,7 +438,7 @@ function discoverPublishablePackages(root) {
     }
     return packages;
 }
-function readPackedFiles(packageRoot) {
+function readPackedEntry(packageRoot) {
     const raw = execFileSync('npm', ['pack', '--dry-run', '--json'], {
         cwd: packageRoot,
         encoding: 'utf8',
@@ -374,11 +446,8 @@ function readPackedFiles(packageRoot) {
     });
     const entries = JSON.parse(raw);
     if (!Array.isArray(entries) || entries.length === 0)
-        return [];
-    const first = entries[0];
-    return Array.isArray(first.files)
-        ? first.files.filter((item) => Boolean(item?.path))
-        : [];
+        return {};
+    return entries[0] ?? {};
 }
 function stagePackedFiles(root, destinationRoot, candidate, packedFiles) {
     const packageRelativeRoot = relativePath(root, candidate.packageRoot);

package/dist/esm/audit/repo-guardrails.d.ts

@@ -21,7 +21,7 @@ export interface DocsFrontmatterOptions {
 export interface BlueprintLifecycleOptions {
     blueprintsRoot?: string;
     statuses?: readonly string[];
-    includeLegacyOmx?: boolean;
+    includeOmxPlans?: boolean;
 }
 export interface CommitMessageOptions {
     allowedTypes?: readonly string[];

package/dist/esm/audit/repo-guardrails.js

@@ -1,6 +1,7 @@
 import { existsSync, readFileSync, readdirSync, writeFileSync } from 'node:fs';
 import { join, relative, resolve, sep } from 'node:path';
 import matter from 'gray-matter';
+import { z } from 'zod';
 import { blueprintDerivedHandoffSchema } from '#execution/types';
 import { BLUEPRINT_OVERVIEW_FILENAME, isBlueprintSupportingMarkdownRelativePath, parseBlueprintDocumentRelativePath, } from '#utils/document-paths.js';
 import { validateLoreTrailers } from './commit-message-lore.js';
@@ -51,6 +52,13 @@ const ABSOLUTE_FILE_REFERENCE_PATTERN = /^(?:\/|[A-Za-z]:[\\/]|file:\/\/)/i;
 const LEGACY_CROSS_REPO_LABEL_PATTERN = /^cross-repo:/i;
 const GITHUB_REPO_PATTERN = /^[^/\s]+\/[^/\s]+$/;
 const BLUEPRINT_SLUG_PATTERN = /^[A-Za-z0-9._-]+$/;
+const BLUEPRINT_COMPLEXITIES = ['XS', 'S', 'M', 'L', 'XL'];
+const blueprintLifecycleRequiredFrontmatterSchema = z.object({
+    title: z.string().trim().min(1),
+    owner: z.string().trim().min(1),
+    complexity: z.enum(BLUEPRINT_COMPLEXITIES),
+    last_updated: z.string().regex(/^\d{4}-\d{2}-\d{2}$/),
+});
 export function auditCatalogDrift(rootDirectory = process.cwd(), options = {}) {
     const root = resolve(rootDirectory);
     const workspacePath = resolve(root, options.workspaceFile ?? 'pnpm-workspace.yaml');
@@ -261,6 +269,38 @@ export function auditBlueprintLifecycle(rootDirectory = process.cwd(), options =
                     message: `Blueprint status must match folder (${status})`,
                 });
             }
+            if (status !== 'draft') {
+                const frontmatterValidation = blueprintLifecycleRequiredFrontmatterSchema.safeParse({
+                    title: typeof frontmatter.title === 'string'
+                        ? frontmatter.title
+                        : String(frontmatter.title ?? ''),
+                    owner: typeof frontmatter.owner === 'string'
+                        ? frontmatter.owner
+                        : String(frontmatter.owner ?? ''),
+                    complexity: typeof frontmatter.complexity === 'string'
+                        ? frontmatter.complexity
+                        : String(frontmatter.complexity ?? ''),
+                    last_updated: frontmatter.last_updated instanceof Date
+                        ? (frontmatter.last_updated.toISOString().split('T')[0] ?? '')
+                        : typeof frontmatter.last_updated === 'string'
+                            ? frontmatter.last_updated
+                            : String(frontmatter.last_updated ?? ''),
+                });
+                if (!frontmatterValidation.success) {
+                    for (const issue of frontmatterValidation.error.issues) {
+                        const field = String(issue.path[0] ?? '');
+                        const message = field === 'complexity'
+                            ? `Blueprint complexity must be one of ${BLUEPRINT_COMPLEXITIES.join(', ')}`
+                            : field === 'last_updated'
+                                ? 'Blueprint last_updated must be a YYYY-MM-DD date'
+                                : `Blueprint is missing required frontmatter field: ${field}`;
+                        violations.push({
+                            file: relativePath(root, canonicalPath),
+                            message,
+                        });
+                    }
+                }
+            }
             violations.push(...validateBlueprintLinkingFrontmatter({
                 file: relativePath(root, canonicalPath),
                 frontmatter,
@@ -268,8 +308,8 @@ export function auditBlueprintLifecycle(rootDirectory = process.cwd(), options =
             }));
         }
     }
-    if (options.includeLegacyOmx === true) {
-        const legacy = auditLegacyOmxPlans(root);
+    if (options.includeOmxPlans === true) {
+        const legacy = auditOmxPlanHandoffs(root);
         checked += legacy.checked;
         violations.push(...legacy.violations);
     }
@@ -527,7 +567,7 @@ function applyDocsFrontmatterFix(markdown, options) {
         return markdown;
     return `${markdown.slice(0, end)}\n${lines.join('\n')}${markdown.slice(end)}`;
 }
-function auditLegacyOmxPlans(root) {
+function auditOmxPlanHandoffs(root) {
     const plansRoot = join(root, '.omx', 'plans');
     const violations = [];
     let checked = 0;

package/dist/esm/audit/tech-debt-cadence.js

@@ -11,9 +11,8 @@
  * 3. Items that have never been reviewed (last_reviewed IS NULL)
  *    AND were created more than 90 days ago.
  */
-import path from 'node:path';
 import { existsSync } from 'node:fs';
-const DB_PATH = path.join('.agent', '.blueprints.db');
+import { resolveBlueprintProjectionDbPath } from '#db/paths.js';
 export async function auditTechDebtCadence(cwd) {
     if (!process.env['WP_USE_SQL_AUDITS']) {
         return {
@@ -23,7 +22,7 @@ export async function auditTechDebtCadence(cwd) {
             violations: [],
         };
     }
-    const dbFile = path.join(cwd, DB_PATH);
+    const dbFile = resolveBlueprintProjectionDbPath(cwd);
     if (!existsSync(dbFile)) {
         return {
             ok: true,

package/dist/esm/audit/toolchain-isolation.js

@@ -21,9 +21,7 @@ export function auditToolchainIsolation(root) {
     const packagePaths = findPackageJsonFiles(root);
     const violations = [];
     // Per-repo runtime exemptions: dependency names the repo declares as
-    // legitimate app-specific runtimes (e.g. `tsx` for a Pulumi program's TS
-    // loader, `@playwright/test` imported by e2e specs) rather than generic
-    // toolchain. Mechanism here; data lives in the consumer's `.webpressorc.json`.
+    // legitimate app-specific runtimes rather than generic toolchain.
     const allowDependencies = new Set(readConfig(root)?.audit?.toolchainIsolation?.allowDependencies ?? []);
     for (const packagePath of packagePaths) {
         const pkg = readPackageJson(packagePath);
@@ -122,6 +120,7 @@ function shouldSkipDirectory(name) {
         '.omx',
         '.omc',
         '.codex',
+        '.windsurf',
         // Gitignored Claude Code agent surface — agent worktree scratch under
         // .claude/worktrees/* carries vendored package manifests that are not the
         // repo's own packages; walking it produces false positives on local dev

package/dist/esm/blueprint/core/parser.js

@@ -85,7 +85,7 @@ function extractCheckboxStatus(section) {
             status = 'done';
         }
         else if (checked > 0) {
-            status = 'in_progress';
+            status = 'in-progress';
         }
     }
     return {
@@ -97,7 +97,8 @@ function extractExplicitTaskStatus(section) {
     const statusMatch = section.match(/\*\*Status:\*\*\s*(.+)/i);
     if (!statusMatch?.[1])
         return undefined;
-    const parsed = taskStatusSchema.safeParse(statusMatch[1].trim());
+    const normalizedStatus = statusMatch[1].trim().replace(/\bin_progress\b/gi, 'in-progress');
+    const parsed = taskStatusSchema.safeParse(normalizedStatus);
     if (!parsed.success) {
         throw new Error(`Invalid task status "${statusMatch[1].trim()}". Valid statuses: ${taskStatusSchema.options.join(', ')}`);
     }

package/dist/esm/blueprint/core/schema.d.ts

@@ -39,9 +39,10 @@ export declare const lifecycleBlueprintStatusSchema: z.ZodEnum<{
  */
 export declare const taskStatusSchema: z.ZodEnum<{
     blocked: "blocked";
-    done: "done";
+    "in-progress": "in-progress";
     todo: "todo";
-    in_progress: "in_progress";
+    done: "done";
+    dropped: "dropped";
 }>;
 /**
  * Valid complexity values using t-shirt sizing.

package/dist/esm/blueprint/core/schema.js

@@ -37,7 +37,7 @@ export const lifecycleBlueprintStatusSchema = z.enum([
 /**
  * Canonical task statuses for blueprint lifecycle management.
  */
-export const taskStatusSchema = z.enum(['todo', 'in_progress', 'blocked', 'done']);
+export const taskStatusSchema = z.enum(['todo', 'in-progress', 'blocked', 'done', 'dropped']);
 /**
  * Valid complexity values using t-shirt sizing.
  */

package/dist/esm/blueprint/cross-repo/audit.js

@@ -15,15 +15,14 @@
  */
 import { createHash } from 'node:crypto';
 import { existsSync } from 'node:fs';
-import path from 'node:path';
+import { resolveBlueprintProjectionDbPath } from '#db/paths.js';
 import { Database } from '#db/sqlite.js';
 import { bothSidesAllowlistEntries } from './resolver.js';
 // ---------------------------------------------------------------------------
 // Main audit
 // ---------------------------------------------------------------------------
-const DB_PATH = path.join('.agent', '.blueprints.db');
 export async function auditCrossRepoCorrelation(cwd, _dryRun) {
-    const dbFile = path.join(cwd, DB_PATH);
+    const dbFile = resolveBlueprintProjectionDbPath(cwd);
     if (!existsSync(dbFile)) {
         // No DB — nothing to audit
         return { pass: true, leaks: [], missingAllowlists: [] };
@@ -130,7 +129,7 @@ function runAudit(db) {
  * It must be invoked explicitly via `wp fix cross-repo-leak <slug>`.
  */
 export async function fixCrossRepoLeak(cwd, blueprintSlug) {
-    const dbFile = path.join(cwd, DB_PATH);
+    const dbFile = resolveBlueprintProjectionDbPath(cwd);
     if (!existsSync(dbFile)) {
         return { fixed: false, reason: 'DB file not found' };
     }

package/dist/esm/blueprint/db/cold-start.js

@@ -1,15 +1,14 @@
 import { existsSync, mkdirSync } from 'node:fs';
 import path from 'node:path';
 import { openDb } from './connection.js';
+import { pruneProjectionArtifacts } from './gc.js';
 import { ingestAll } from './ingester.js';
-import { migrateLegacyAgentDb } from './legacy-migration.js';
 import { resolveBlueprintProjectionDbPath, withProjectionDbWriteLock } from './paths.js';
 import { recordProjectionMetadata } from '#freshness.js';
 export async function coldStartIfNeeded(cwd) {
     const start = Date.now();
-    // F12/R10/E12: detect+migrate legacy `.agent/.blueprints.db` once per repo.
-    migrateLegacyAgentDb(cwd);
     const target = resolveBlueprintProjectionDbPath(cwd);
+    pruneProjectionArtifacts({ preserveDbPath: target });
     if (existsSync(target)) {
         return { rebuilt: false, blueprintsCount: 0, techDebtCount: 0, durationMs: 0 };
     }

package/dist/esm/blueprint/db/enums.d.ts

@@ -27,8 +27,8 @@ export declare const blueprintComplexitySchema: z.ZodEnum<{
 export declare const taskStatusSchema: z.ZodEnum<{
     blocked: "blocked";
     "in-progress": "in-progress";
-    done: "done";
     todo: "todo";
+    done: "done";
     dropped: "dropped";
 }>;
 export declare const techDebtStatusSchema: z.ZodEnum<{

package/dist/esm/blueprint/db/ephemeral-projection.d.ts

@@ -0,0 +1,25 @@
+/**
+ * Ephemeral in-memory blueprint projection.
+ *
+ * Builds a throwaway SQLite projection of the repo's blueprint markdown in
+ * `:memory:` and returns the open connection. The caller runs its queries and
+ * `close()`s the connection — nothing is written to disk.
+ *
+ * This is the data source for the `blueprint-lifecycle` audit: the verdict is a
+ * pure function of `markdown@HEAD`, identical in CLI / MCP / `wp doctor` / CI,
+ * with zero dependency on any persistent per-worktree projection. The schema is
+ * single-sourced through `openDb` → `runMigrations` (same as the persistent
+ * store), so the two can never drift.
+ *
+ * Deliberately does NOT take `withProjectionDbWriteLock`, `mkdirSync`, or
+ * `recordProjectionMetadata` — those belong to the persistent `reIngestProjection`
+ * / `coldStartIfNeeded` paths. An in-memory DB has no file, no lock, no metadata.
+ */
+import { type DbConnection } from './connection.js';
+/**
+ * Parse `blueprints/` (+ `tech-debt/`) markdown under `cwd` into a fresh
+ * in-memory SQLite projection. Caller owns the returned connection and must
+ * `close()` it (typically in a `finally`).
+ */
+export declare function buildEphemeralProjection(cwd: string): Promise<DbConnection>;
+//# sourceMappingURL=ephemeral-projection.d.ts.map

package/dist/esm/blueprint/db/ephemeral-projection.js

@@ -0,0 +1,36 @@
+/**
+ * Ephemeral in-memory blueprint projection.
+ *
+ * Builds a throwaway SQLite projection of the repo's blueprint markdown in
+ * `:memory:` and returns the open connection. The caller runs its queries and
+ * `close()`s the connection — nothing is written to disk.
+ *
+ * This is the data source for the `blueprint-lifecycle` audit: the verdict is a
+ * pure function of `markdown@HEAD`, identical in CLI / MCP / `wp doctor` / CI,
+ * with zero dependency on any persistent per-worktree projection. The schema is
+ * single-sourced through `openDb` → `runMigrations` (same as the persistent
+ * store), so the two can never drift.
+ *
+ * Deliberately does NOT take `withProjectionDbWriteLock`, `mkdirSync`, or
+ * `recordProjectionMetadata` — those belong to the persistent `reIngestProjection`
+ * / `coldStartIfNeeded` paths. An in-memory DB has no file, no lock, no metadata.
+ */
+import { openDb } from './connection.js';
+import { ingestAll } from './ingester.js';
+/**
+ * Parse `blueprints/` (+ `tech-debt/`) markdown under `cwd` into a fresh
+ * in-memory SQLite projection. Caller owns the returned connection and must
+ * `close()` it (typically in a `finally`).
+ */
+export async function buildEphemeralProjection(cwd) {
+    const conn = openDb(':memory:');
+    try {
+        await ingestAll({ db: conn.db, cwd });
+    }
+    catch (error) {
+        conn.close();
+        throw error;
+    }
+    return conn;
+}
+//# sourceMappingURL=ephemeral-projection.js.map

package/dist/esm/blueprint/db/gc.d.ts

@@ -0,0 +1,11 @@
+export interface PruneProjectionArtifactsOptions {
+    readonly now?: number;
+    readonly preserveDbPath?: string;
+    readonly stateRoot?: string;
+    readonly ttlMs?: number;
+}
+export interface PruneProjectionArtifactsResult {
+    readonly pruned: number;
+}
+export declare function pruneProjectionArtifacts(options?: PruneProjectionArtifactsOptions): PruneProjectionArtifactsResult;
+//# sourceMappingURL=gc.d.ts.map

package/dist/esm/blueprint/db/gc.js

@@ -0,0 +1,55 @@
+import { existsSync, readdirSync, rmSync } from 'node:fs';
+import path from 'node:path';
+import { readProjectionMetadata } from '#freshness.js';
+import { getStateRoot } from '#paths/state-root.js';
+const DEFAULT_PROJECTION_TTL_MS = 30 * 24 * 60 * 60 * 1000;
+const LEGACY_WORKTREE_SEGMENT = `${path.sep}worktree${path.sep}`;
+function safeListDirs(root) {
+    if (!existsSync(root))
+        return [];
+    return readdirSync(root, { withFileTypes: true })
+        .filter((entry) => entry.isDirectory())
+        .map((entry) => path.join(root, entry.name));
+}
+function removeProjection(dbPath) {
+    let pruned = 0;
+    for (const target of [dbPath, `${dbPath}.meta.json`]) {
+        if (!existsSync(target))
+            continue;
+        rmSync(target, { force: true });
+        pruned += 1;
+    }
+    return pruned;
+}
+function shouldPruneRepoScopedProjection(dbPath, now, ttlMs) {
+    const metadata = readProjectionMetadata(dbPath);
+    if (!metadata)
+        return false;
+    if (metadata.worktree_path && !existsSync(metadata.worktree_path))
+        return true;
+    return now - metadata.ingested_at > ttlMs;
+}
+export function pruneProjectionArtifacts(options = {}) {
+    const stateRoot = options.stateRoot ?? getStateRoot();
+    const now = options.now ?? Date.now();
+    const ttlMs = options.ttlMs ?? DEFAULT_PROJECTION_TTL_MS;
+    const preserveDbPath = options.preserveDbPath;
+    let pruned = 0;
+    for (const repoRoot of safeListDirs(stateRoot)) {
+        const repoScopedDb = path.join(repoRoot, 'blueprints', 'blueprints.db');
+        if (repoScopedDb !== preserveDbPath && shouldPruneRepoScopedProjection(repoScopedDb, now, ttlMs)) {
+            pruned += removeProjection(repoScopedDb);
+        }
+        const legacyWorktreeRoot = path.join(repoRoot, 'worktree');
+        for (const worktreeDir of safeListDirs(legacyWorktreeRoot)) {
+            const legacyDb = path.join(worktreeDir, 'blueprints', 'blueprints.db');
+            if (legacyDb === preserveDbPath)
+                continue;
+            if (!legacyDb.includes(LEGACY_WORKTREE_SEGMENT))
+                continue;
+            pruned += removeProjection(legacyDb);
+        }
+    }
+    return { pruned };
+}
+//# sourceMappingURL=gc.js.map

package/dist/esm/blueprint/db/ingester.js

@@ -57,6 +57,13 @@ function upsertBlueprint(db, filePath, blueprintRoot) {
     const content = readFileSync(filePath, 'utf8');
     const slug = deriveSlugFromBlueprintPath(filePath, blueprintRoot);
     const parsed = parseBlueprintForDb(content, filePath, slug);
+    // progress_pct: honest done-only roll-up over parsed tasks (single source of
+    // truth = the task checkboxes/status, never a hand-entered frontmatter field).
+    // `null` when there are no tasks (prose-completed plans, parent-roadmaps) so
+    // the "completed but < 100%" audit check skips them rather than flagging 0%.
+    const totalTaskCount = parsed.tasks.length;
+    const doneTaskCount = parsed.tasks.filter((task) => task.status === 'done').length;
+    const progressPct = totalTaskCount === 0 ? null : Math.round((doneTaskCount / totalTaskCount) * 100);
     const now = Date.now();
     const upsertBp = db.prepare(`INSERT INTO blueprints
        (slug, title, status, complexity, owner, created, last_updated, completed_at,
@@ -101,7 +108,7 @@ function upsertBlueprint(db, filePath, blueprintRoot) {
     const insertEdge = db.prepare(`INSERT INTO edge_cases (blueprint_slug, edge_id, severity, description, mitigation)
      VALUES (?, ?, ?, ?, ?)`);
     db.transaction(() => {
-        upsertBp.run(parsed.slug, parsed.title, parsed.status, parsed.complexity, parsed.owner, parsed.created, parsed.lastUpdated, parsed.completedAt, null, // progress_pct
+        upsertBp.run(parsed.slug, parsed.title, parsed.status, parsed.complexity, parsed.owner, parsed.created, parsed.lastUpdated, parsed.completedAt, progressPct, // progress_pct (terminal-task roll-up from tasks)
         null, // progress_text
         parsed.filePath, parsed.byteSize, parsed.contentHash, now, parsed.organization, parsed.visibility);
         // Clear and reinsert all related data
@@ -207,10 +214,41 @@ export async function ingestBlueprints(opts) {
         baseDir: blueprintRoot,
         includeSpecialFolders: true,
     }).map((entry) => entry.path);
+    const filesBySlug = new Map();
+    for (const filePath of files) {
+        try {
+            const slug = deriveSlugFromBlueprintPath(filePath, blueprintRoot);
+            const existing = filesBySlug.get(slug);
+            if (existing) {
+                existing.push(filePath);
+            }
+            else {
+                filesBySlug.set(slug, [filePath]);
+            }
+        }
+        catch (err) {
+            const msg = `[ingester] Blueprint failed: ${filePath}: ${String(err)}`;
+            process.stderr.write(msg + '\n');
+            errors.push(msg);
+        }
+    }
+    const duplicateSlugs = new Set();
+    for (const [slug, slugFiles] of filesBySlug) {
+        if (slugFiles.length <= 1) {
+            continue;
+        }
+        duplicateSlugs.add(slug);
+        const msg = `[ingester] Blueprint failed: duplicate slug "${slug}" appears in multiple blueprint documents: ${slugFiles.join(', ')}`;
+        process.stderr.write(msg + '\n');
+        errors.push(msg);
+    }
     for (const filePath of files) {
         try {
             const content = readFileSync(filePath, 'utf8');
             const slug = deriveSlugFromBlueprintPath(filePath, blueprintRoot);
+            if (duplicateSlugs.has(slug)) {
+                continue;
+            }
             const newHash = createHash('sha256').update(content).digest('hex');
             if (!dryRun) {
                 const existing = existingBlueprintHash(db, slug);

package/dist/esm/blueprint/db/migrations/run.js

@@ -1,8 +1,10 @@
 import { readdirSync, readFileSync } from 'node:fs';
 import path from 'node:path';
-import { fileURLToPath } from 'node:url';
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const MIGRATIONS_DIR = __dirname;
+import { resolvePackageAssetPreferred } from '#utils/package-assets.js';
+const MIGRATIONS_DIR = resolvePackageAssetPreferred([
+    'src/blueprint/db/migrations',
+    'dist/esm/blueprint/db/migrations',
+]);
 function ensureSchemaVersionTable(db) {
     db.exec('CREATE TABLE IF NOT EXISTS schema_version (version INTEGER PRIMARY KEY, applied_at TEXT)');
 }