@weldr/runr 0.3.1 → 0.7.2

package/dist/review/check-parser.js

@@ -0,0 +1,211 @@
+/**
+ * Review Check Parser - Extracts actionable requests from review feedback.
+ *
+ * Parses review responses to identify:
+ * - Bullet points and numbered lists
+ * - "Please fix/add/update" patterns
+ * - Done check names marked as incomplete
+ */
+/**
+ * Command mapping patterns - keywords to verification commands.
+ */
+const COMMAND_MAPPINGS = [
+    {
+        keywords: ['type error', 'typescript error', 'ts error', 'typecheck', 'tsc'],
+        command: 'npm run typecheck',
+        category: 'type_errors'
+    },
+    {
+        keywords: ['test', 'tests', 'unit test', 'testing', 'spec'],
+        command: 'npm test',
+        category: 'tests'
+    },
+    {
+        keywords: ['lint', 'linting', 'eslint', 'style'],
+        command: 'npm run lint',
+        category: 'lint'
+    },
+    {
+        keywords: ['build', 'compile', 'bundle'],
+        command: 'npm run build',
+        category: 'build'
+    },
+    {
+        keywords: ['coverage', 'test coverage', 'code coverage'],
+        command: 'npm test -- --coverage',
+        category: 'coverage'
+    }
+];
+/**
+ * Request extraction patterns.
+ */
+const REQUEST_PATTERNS = [
+    // Numbered lists: "1. Fix the issue"
+    /^\s*\d+[.)]\s*(.+)/gm,
+    // Bullet points: "- Fix the issue", "* Fix the issue"
+    /^\s*[-*•]\s*(.+)/gm,
+    // "Please" patterns: "Please fix...", "Please add..."
+    /please\s+(fix|add|update|remove|change|include|ensure|verify|check|run)\s+(.+?)(?:\.|$)/gi,
+    // "Need to" patterns: "Need to fix...", "Need to add..."
+    /(?:need|needs|should|must|have)\s+to\s+(fix|add|update|remove|change|include|run)\s+(.+?)(?:\.|$)/gi,
+    // "Fix the X" patterns
+    /fix\s+(?:the\s+)?(.+?)\s+(?:error|issue|problem|bug)/gi,
+    // "Add X" patterns
+    /add\s+(?:the\s+)?(.+?)\s+(?:test|output|evidence|check)/gi,
+    // "Missing X" patterns
+    /missing\s+(.+?)(?:\.|,|$)/gi
+];
+/**
+ * Extract bullet points and numbered lists from text.
+ */
+export function extractListItems(text) {
+    const items = [];
+    // Numbered lists
+    const numberedMatches = text.matchAll(/^\s*\d+[.)]\s*(.+)/gm);
+    for (const match of numberedMatches) {
+        items.push(match[1].trim());
+    }
+    // Bullet points
+    const bulletMatches = text.matchAll(/^\s*[-*•]\s*(.+)/gm);
+    for (const match of bulletMatches) {
+        items.push(match[1].trim());
+    }
+    return items;
+}
+/**
+ * Extract "please fix/add" style requests.
+ */
+export function extractActionRequests(text) {
+    const requests = [];
+    // "Please" patterns
+    const pleaseMatches = text.matchAll(/please\s+(fix|add|update|remove|change|include|ensure|verify|check|run)\s+(.+?)(?:\.|,|$)/gi);
+    for (const match of pleaseMatches) {
+        requests.push(`${match[1]} ${match[2]}`.trim());
+    }
+    // "Need to" patterns
+    const needMatches = text.matchAll(/(?:need|needs|should|must|have)\s+to\s+(fix|add|update|remove|change|include|run)\s+(.+?)(?:\.|,|$)/gi);
+    for (const match of needMatches) {
+        requests.push(`${match[1]} ${match[2]}`.trim());
+    }
+    return requests;
+}
+/**
+ * Map a request to a suggested verification command.
+ */
+export function mapToCommand(request) {
+    const lower = request.toLowerCase();
+    for (const mapping of COMMAND_MAPPINGS) {
+        if (mapping.keywords.some(kw => lower.includes(kw))) {
+            return { command: mapping.command, category: mapping.category };
+        }
+    }
+    return {};
+}
+/**
+ * Parse review feedback and extract actionable requests.
+ */
+export function parseReviewFeedback(reviewText) {
+    const requests = [];
+    const commandsSet = new Set();
+    // Check if approved (no further action needed)
+    const lowerText = reviewText.toLowerCase();
+    const isApproved = lowerText.includes('approved') ||
+        lowerText.includes('lgtm') ||
+        (lowerText.includes('ready') && lowerText.includes('merge'));
+    if (isApproved) {
+        return { requests: [], commandsToSatisfy: [], isApproved: true };
+    }
+    // Extract list items
+    const listItems = extractListItems(reviewText);
+    for (const item of listItems) {
+        const { command, category } = mapToCommand(item);
+        requests.push({ text: item, suggestedCommand: command, category });
+        if (command)
+            commandsSet.add(command);
+    }
+    // Extract action requests if no list items found
+    if (requests.length === 0) {
+        const actionRequests = extractActionRequests(reviewText);
+        for (const req of actionRequests) {
+            const { command, category } = mapToCommand(req);
+            requests.push({ text: req, suggestedCommand: command, category });
+            if (command)
+                commandsSet.add(command);
+        }
+    }
+    // Look for specific patterns not in lists
+    const errorPatterns = [
+        { pattern: /(\d+)\s+(?:type\s+)?error/i, category: 'type_errors' },
+        { pattern: /(\d+)\s+(?:test|spec)s?\s+fail/i, category: 'tests' },
+        { pattern: /coverage\s+(?:is\s+)?(?:only\s+)?(\d+)%/i, category: 'coverage' },
+        { pattern: /(\d+)%\s+coverage/i, category: 'coverage' },
+        { pattern: /lint\s+(?:error|fail)/i, category: 'lint' },
+        { pattern: /build\s+(?:error|fail)/i, category: 'build' }
+    ];
+    for (const { pattern, category } of errorPatterns) {
+        const match = reviewText.match(pattern);
+        if (match) {
+            const mapping = COMMAND_MAPPINGS.find(m => m.category === category);
+            if (mapping && !commandsSet.has(mapping.command)) {
+                // Only add if not already in requests
+                const hasCategory = requests.some(r => r.category === category);
+                if (!hasCategory) {
+                    requests.push({
+                        text: match[0],
+                        suggestedCommand: mapping.command,
+                        category
+                    });
+                    commandsSet.add(mapping.command);
+                }
+            }
+        }
+    }
+    return {
+        requests,
+        commandsToSatisfy: Array.from(commandsSet),
+        isApproved: false
+    };
+}
+/**
+ * Format parsed review for display.
+ */
+export function formatReviewRequests(parsed, runId) {
+    const lines = [];
+    if (parsed.isApproved) {
+        lines.push('Review: Approved');
+        return lines;
+    }
+    if (parsed.requests.length > 0) {
+        lines.push('Reviewer requested:');
+        parsed.requests.slice(0, 3).forEach((req, i) => {
+            lines.push(`  ${i + 1}. ${req.text}`);
+        });
+        if (parsed.requests.length > 3) {
+            lines.push(`  ... and ${parsed.requests.length - 3} more`);
+        }
+    }
+    if (parsed.commandsToSatisfy.length > 0) {
+        lines.push('');
+        lines.push('Commands to satisfy:');
+        for (const cmd of parsed.commandsToSatisfy) {
+            lines.push(`  ${cmd}`);
+        }
+    }
+    // Build suggested intervention command
+    if (parsed.commandsToSatisfy.length > 0) {
+        lines.push('');
+        lines.push('Suggested intervention:');
+        const cmdArgs = parsed.commandsToSatisfy.map(c => `--cmd "${c}"`).join(' ');
+        lines.push(`  runr intervene ${runId} --reason review_loop \\`);
+        lines.push(`    --note "Fixed review requests" ${cmdArgs}`);
+    }
+    return lines;
+}
+/**
+ * Extract review feedback from a done_check list.
+ */
+export function extractUnmetDoneChecks(doneChecks) {
+    return doneChecks
+        .filter(check => !check.passed)
+        .map(check => check.message || check.name);
+}

package/dist/store/checkpoint-metadata.js

@@ -0,0 +1,111 @@
+import fs from 'node:fs/promises';
+import path from 'node:path';
+/**
+ * Write checkpoint metadata sidecar file.
+ * Best-effort: does not throw if write fails.
+ */
+export async function writeCheckpointMetadata(options) {
+    const { repoPath, sha, runId, milestoneIndex, milestone, tier, verificationCommands } = options;
+    const checkpointsDir = path.join(repoPath, '.runr', 'checkpoints');
+    await fs.mkdir(checkpointsDir, { recursive: true });
+    const metadata = {
+        schema_version: 1,
+        sha,
+        run_id: runId,
+        milestone_index: milestoneIndex,
+        milestone_title: milestone.goal,
+        created_at: new Date().toISOString()
+    };
+    // Add optional fields only if available
+    if (tier !== undefined) {
+        metadata.tier = tier;
+    }
+    if (verificationCommands !== undefined && verificationCommands.length > 0) {
+        metadata.verification_commands = verificationCommands;
+    }
+    const metadataPath = path.join(checkpointsDir, `${sha}.json`);
+    const tempPath = `${metadataPath}.tmp`;
+    // Atomic write with Windows safety
+    await fs.writeFile(tempPath, JSON.stringify(metadata, null, 2), 'utf-8');
+    // Windows-safe rename: unlink destination if exists
+    try {
+        await fs.unlink(metadataPath);
+    }
+    catch {
+        // Ignore if doesn't exist
+    }
+    await fs.rename(tempPath, metadataPath);
+}
+/**
+ * Find the latest checkpoint for a run by scanning sidecar files.
+ * Returns null if no valid sidecars found.
+ * Selection: highest milestone_index, then latest created_at, then latest mtime.
+ */
+export async function findLatestCheckpointBySidecar(repoPath, runId) {
+    const checkpointsDir = path.join(repoPath, '.runr', 'checkpoints');
+    try {
+        await fs.access(checkpointsDir);
+    }
+    catch {
+        return null; // No sidecars yet
+    }
+    const files = await fs.readdir(checkpointsDir);
+    const jsonFiles = files.filter(f => f.endsWith('.json') && f !== 'index.json');
+    let latestCheckpoint = null;
+    for (const file of jsonFiles) {
+        try {
+            const filePath = path.join(checkpointsDir, file);
+            const content = await fs.readFile(filePath, 'utf-8');
+            const metadata = JSON.parse(content);
+            // Sanity checks
+            if (metadata.schema_version !== 1) {
+                continue; // Ignore unknown schema versions
+            }
+            // Required fields type checks
+            if (typeof metadata.sha !== 'string' ||
+                typeof metadata.run_id !== 'string' ||
+                typeof metadata.milestone_title !== 'string' ||
+                typeof metadata.created_at !== 'string') {
+                continue; // Missing/invalid required fields
+            }
+            const expectedSha = file.replace('.json', '');
+            if (metadata.sha !== expectedSha) {
+                continue; // SHA mismatch = corruption
+            }
+            if (!Number.isFinite(metadata.milestone_index) || metadata.milestone_index < 0) {
+                continue; // Invalid milestone index
+            }
+            if (metadata.run_id !== runId) {
+                continue; // Wrong run
+            }
+            // Get file mtime as fallback for tie-breaking
+            const stats = await fs.stat(filePath);
+            const mtime = stats.mtimeMs;
+            // Selection: higher milestone_index, then later created_at, then later mtime
+            const shouldReplace = latestCheckpoint === null ||
+                metadata.milestone_index > latestCheckpoint.milestoneIndex ||
+                (metadata.milestone_index === latestCheckpoint.milestoneIndex && (
+                // created_at comparison (handles missing/empty)
+                (metadata.created_at || '') > (latestCheckpoint.created_at || '') ||
+                    // If created_at equal/both missing, use mtime fallback
+                    ((metadata.created_at || '') === (latestCheckpoint.created_at || '') &&
+                        mtime > latestCheckpoint.mtime)));
+            if (shouldReplace) {
+                latestCheckpoint = {
+                    sha: metadata.sha,
+                    milestoneIndex: metadata.milestone_index,
+                    created_at: metadata.created_at || '',
+                    mtime
+                };
+            }
+        }
+        catch {
+            continue; // Malformed JSON or other read error
+        }
+    }
+    return latestCheckpoint ? {
+        sha: latestCheckpoint.sha,
+        milestoneIndex: latestCheckpoint.milestoneIndex,
+        created_at: latestCheckpoint.created_at
+    } : null;
+}

package/dist/store/run-store.js

@@ -86,6 +86,27 @@ export class RunStore {
     getLastEvent() {
         return this.lastEvent;
     }
+    /**
+     * Read all events from the timeline.
+     */
+    readTimeline() {
+        if (!fs.existsSync(this.timelinePath)) {
+            return [];
+        }
+        const content = fs.readFileSync(this.timelinePath, 'utf-8');
+        const events = [];
+        for (const line of content.split('\n')) {
+            if (line.trim()) {
+                try {
+                    events.push(JSON.parse(line));
+                }
+                catch {
+                    // Skip malformed lines
+                }
+            }
+        }
+        return events;
+    }
     recordWorkerCall(info) {
         this.lastWorkerCall = info;
     }

package/dist/supervisor/runner.js

@@ -16,7 +16,11 @@ import { checkLockfiles, checkScope, partitionChangedFiles } from './scope-guard
 import { commandsForTier, selectTiersWithReasons } from './verification-policy.js';
 import { runVerification } from '../verification/engine.js';
 import { stopRun, updatePhase, prepareForResume } from './state-machine.js';
+import { buildJournal } from '../journal/builder.js';
+import { renderJournal } from '../journal/renderer.js';
+import { writeReceipt, extractBaseSha, deriveTerminalState, printRunReceipt } from '../receipt/writer.js';
 import { getActiveRuns, checkFileCollisions, formatFileCollisionError } from './collision.js';
+import { parseReviewFeedback } from '../review/check-parser.js';
 import { validateNoChangesEvidence, formatEvidenceErrors } from './evidence-gate.js';
 import { normalizeOwnsPatterns, toPosixPath } from '../ownership/normalize.js';
 export function checkOwnership(changedFiles, ownedPaths, envAllowlist) {
@@ -266,6 +270,24 @@ function buildStructuredStopMemo(params) {
     lines.push('', '## Next Action', '```bash', nextAction, '```', '', '## Tips', tipsByReason[reason] ?? '- Review the timeline.jsonl for detailed event history.');
     return lines.join('\n');
 }
+/**
+ * Auto-write journal.md when run completes
+ */
+async function writeJournalOnRunComplete(runId, repoPath) {
+    try {
+        const journal = await buildJournal(runId, repoPath);
+        const markdown = renderJournal(journal);
+        // Get runs root and construct journal path
+        const { getRunsRoot } = await import('../store/runs-root.js');
+        const runDir = path.join(getRunsRoot(repoPath), runId);
+        const journalPath = path.join(runDir, 'journal.md');
+        fs.writeFileSync(journalPath, markdown, 'utf-8');
+        console.log(`\n✓ Case file generated: runs/${runId}/journal.md`);
+    }
+    catch (err) {
+        throw new Error(`Failed to generate journal: ${err.message}`);
+    }
+}
 /**
  * Main supervisor entry point with auto-resume support.
  *
@@ -576,6 +598,60 @@ async function runSupervisorOnce(options) {
     }
     finally {
         clearInterval(watchdog);
+        // Auto-write journal.md when run reaches terminal state
+        try {
+            const finalState = options.runStore.readState();
+            if (finalState.phase === 'STOPPED') {
+                await writeJournalOnRunComplete(finalState.run_id, options.repoPath);
+            }
+        }
+        catch (err) {
+            // Never crash on journal generation failure
+            console.warn(`Warning: Failed to generate journal: ${err.message}`);
+        }
+        // Auto-write receipt artifacts at terminal state and print Run Receipt
+        try {
+            const finalState = options.runStore.readState();
+            if (finalState.phase === 'STOPPED') {
+                const baseSha = extractBaseSha(options.runStore.path);
+                const terminalState = deriveTerminalState(finalState.stop_reason);
+                const verificationTier = finalState.last_verification_evidence?.tiers_run?.[0] ?? null;
+                const result = await writeReceipt({
+                    runStore: options.runStore,
+                    repoPath: options.repoPath,
+                    baseSha,
+                    checkpointSha: finalState.checkpoint_commit_sha ?? null,
+                    verificationTier,
+                    terminalState,
+                    stopReason: finalState.stop_reason,
+                    runId: finalState.run_id
+                });
+                // Print Run Receipt to console
+                if (result) {
+                    // Read diffstat for console output
+                    const diffstatPath = path.join(options.runStore.path, 'diffstat.txt');
+                    const diffstat = fs.existsSync(diffstatPath)
+                        ? fs.readFileSync(diffstatPath, 'utf-8')
+                        : '';
+                    // Get integration branch from config
+                    const integrationBranch = options.config?.workflow?.integration_branch ?? 'main';
+                    printRunReceipt({
+                        runId: finalState.run_id,
+                        terminalState,
+                        stopReason: finalState.stop_reason,
+                        receipt: result.receipt,
+                        patchPath: result.patchPath,
+                        compressed: result.compressed,
+                        diffstat,
+                        integrationBranch
+                    });
+                }
+            }
+        }
+        catch (err) {
+            // Never crash on receipt generation failure
+            console.warn(`Warning: Failed to generate receipt: ${err.message}`);
+        }
     }
 }
 /**
@@ -871,6 +947,16 @@ async function handleImplement(state, options) {
         return stopWithError(state, options, 'implement_blocked', implementer.handoff_memo);
     }
     const changedFiles = await listChangedFiles(options.repoPath);
+    // Record ignored files for forensics (journal)
+    const { getIgnoredChangesSummary } = await import('../repo/context.js');
+    const ignoredSummary = await getIgnoredChangesSummary(options.repoPath);
+    if (ignoredSummary.ignored_count > 0 || ignoredSummary.ignore_check_status === 'failed') {
+        options.runStore.appendEvent({
+            type: 'ignored_changes',
+            source: 'supervisor',
+            payload: ignoredSummary
+        });
+    }
     const scopeCheck = checkScope(changedFiles, state.scope_lock.allowlist, state.scope_lock.denylist);
     const lockfileCheck = checkLockfiles(changedFiles, options.config.scope.lockfiles, options.allowDeps);
     if (!scopeCheck.ok || !lockfileCheck.ok) {
@@ -1190,6 +1276,10 @@ async function handleReview(state, options) {
         const exceededRounds = currentRounds > maxRounds;
         if (sameFingerprint || exceededRounds) {
             const reason = sameFingerprint ? 'identical_review_feedback' : 'max_review_rounds_exceeded';
+            // Parse review changes to extract actionable commands
+            const parsedReview = parseReviewFeedback(changesText);
+            const reviewerRequests = review.changes.slice(0, 5);
+            const commandsToSatisfy = parsedReview.commandsToSatisfy;
             options.runStore.appendEvent({
                 type: 'review_loop_detected',
                 source: 'supervisor',
@@ -1198,24 +1288,55 @@ async function handleReview(state, options) {
                     review_rounds: currentRounds,
                     max_review_rounds: maxRounds,
                     same_fingerprint: sameFingerprint,
-                    last_changes: review.changes.slice(0, 2) // First 2 items for context
+                    last_changes: review.changes.slice(0, 2), // First 2 items for context
+                    // Enhanced fields for diagnostics
+                    reviewer_requests: reviewerRequests,
+                    commands_to_satisfy: commandsToSatisfy
                 }
             });
-            // Write review digest for debugging
+            // Write enhanced review digest for debugging
             const digestLines = [
                 '# Review Digest',
                 '',
                 `**Milestone:** ${state.milestone_index + 1} of ${state.milestones.length}`,
-                `**Review Rounds:** ${currentRounds}`,
+                `**Review Rounds:** ${currentRounds} (max: ${maxRounds})`,
                 `**Stop Reason:** ${reason}`,
                 '',
-                '## Last Requested Changes',
+                '## Reviewer Requested Changes',
                 '',
                 ...review.changes.map((change, i) => `${i + 1}. ${change}`),
-                '',
-                '## Status',
-                `- **Verdict:** ${review.status}`
+                ''
             ];
+            // Add commands to satisfy section if we found any
+            if (commandsToSatisfy.length > 0) {
+                digestLines.push('## Commands to Satisfy');
+                digestLines.push('');
+                digestLines.push('Run these commands to address the requested changes:');
+                digestLines.push('');
+                digestLines.push('```bash');
+                commandsToSatisfy.forEach(cmd => digestLines.push(cmd));
+                digestLines.push('```');
+                digestLines.push('');
+            }
+            // Add suggested intervention
+            digestLines.push('## Suggested Intervention');
+            digestLines.push('');
+            if (commandsToSatisfy.length > 0) {
+                const cmdArgs = commandsToSatisfy.map(c => `--cmd "${c}"`).join(' ');
+                digestLines.push('```bash');
+                digestLines.push(`runr intervene ${state.run_id} --reason review_loop \\`);
+                digestLines.push(`  --note "Fixed review requests" ${cmdArgs}`);
+                digestLines.push('```');
+            }
+            else {
+                digestLines.push('```bash');
+                digestLines.push(`runr intervene ${state.run_id} --reason review_loop \\`);
+                digestLines.push(`  --note "Fixed review requests" --cmd "npm run build"`);
+                digestLines.push('```');
+            }
+            digestLines.push('');
+            digestLines.push('## Status');
+            digestLines.push(`- **Verdict:** ${review.status}`);
             options.runStore.writeMemo('review_digest.md', digestLines.join('\n'));
             const errorMsg = sameFingerprint
                 ? `Identical review feedback detected after ${currentRounds} rounds. Manual intervention required.`
@@ -1247,14 +1368,43 @@ async function handleCheckpoint(state, options) {
     const status = await git(['status', '--porcelain'], options.repoPath);
     if (status.stdout.trim().length > 0) {
         await git(['add', '-A'], options.repoPath);
-        const message = `chore(agent): checkpoint milestone ${state.milestone_index + 1}`;
+        const message = `chore(runr): checkpoint ${state.run_id} milestone ${state.milestone_index}`;
         await git(['commit', '-m', message], options.repoPath);
     }
     const shaResult = await git(['rev-parse', 'HEAD'], options.repoPath);
+    const sha = shaResult.stdout.trim();
+    // Write checkpoint metadata sidecar (best-effort)
+    let sidecarWritten = false;
+    try {
+        const { writeCheckpointMetadata } = await import('../store/checkpoint-metadata.js');
+        await writeCheckpointMetadata({
+            repoPath: options.repoPath,
+            sha,
+            runId: state.run_id,
+            milestoneIndex: state.milestone_index,
+            milestone: state.milestones[state.milestone_index],
+            // Optional fields from last_verification_evidence (safe access)
+            tier: state.last_verification_evidence?.tiers_run?.[0],
+            verificationCommands: state.last_verification_evidence?.commands_run?.map(c => c.command) ?? undefined
+        });
+        sidecarWritten = true;
+    }
+    catch (error) {
+        // Best-effort: don't fail run if sidecar write fails
+        options.runStore.appendEvent({
+            type: 'checkpoint_sidecar_write_failed',
+            source: 'supervisor',
+            payload: {
+                sha,
+                path: path.join(options.repoPath, '.runr', 'checkpoints', `${sha}.json`),
+                error: String(error)
+            }
+        });
+    }
     const nextIndex = state.milestone_index + 1;
     const updated = {
         ...state,
-        checkpoint_commit_sha: shaResult.stdout.trim(),
+        checkpoint_commit_sha: sha,
         milestone_index: nextIndex,
         milestone_retries: 0,
         last_verify_failure: undefined,
@@ -1266,7 +1416,8 @@ async function handleCheckpoint(state, options) {
         source: 'supervisor',
         payload: {
             commit: updated.checkpoint_commit_sha,
-            milestone_index: state.milestone_index
+            milestone_index: state.milestone_index,
+            sidecar_written: sidecarWritten
         }
     });
     if (nextIndex >= updated.milestones.length) {

package/dist/tasks/task-metadata.js

@@ -40,6 +40,75 @@ function coerceOwns(value, taskPath) {
     }
     throw new Error(`Invalid owns entry in ${taskPath}: must be string or string[]`);
 }
+/**
+ * Parse allowlist_add from frontmatter or body.
+ * Accepts both frontmatter field and markdown section.
+ */
+function parseAllowlistAdd(frontmatter, body) {
+    // Check frontmatter first
+    if (frontmatter?.allowlist_add) {
+        const value = frontmatter.allowlist_add;
+        if (Array.isArray(value)) {
+            return value.filter((item) => typeof item === 'string');
+        }
+        if (typeof value === 'string') {
+            return [value];
+        }
+    }
+    // Check for Scope section in markdown body (YAML-like format)
+    // Format:
+    // ## Scope
+    // allowlist_add:
+    //   - pattern1
+    //   - pattern2
+    const scopeMatch = body.match(/##\s*Scope\s*\n([\s\S]*?)(?=\n##|\n$|$)/i);
+    if (scopeMatch) {
+        const scopeContent = scopeMatch[1];
+        const allowlistMatch = scopeContent.match(/allowlist_add:\s*\n((?:\s*-\s*.+\n?)+)/);
+        if (allowlistMatch) {
+            const items = allowlistMatch[1].match(/-\s*(.+)/g);
+            if (items) {
+                return items.map(item => item.replace(/^-\s*/, '').trim());
+            }
+        }
+    }
+    return [];
+}
+/**
+ * Parse verification tier from frontmatter or body.
+ * Enforces minimum tier0.
+ */
+function parseVerificationTier(frontmatter, body) {
+    let tier = null;
+    // Check frontmatter first
+    if (frontmatter?.verification && typeof frontmatter.verification === 'object') {
+        const verification = frontmatter.verification;
+        if (verification.tier) {
+            tier = String(verification.tier);
+        }
+    }
+    else if (frontmatter?.tier) {
+        tier = String(frontmatter.tier);
+    }
+    // Check for Verification section in markdown body
+    if (!tier) {
+        const verifyMatch = body.match(/##\s*Verification\s*\n([\s\S]*?)(?=\n##|\n$|$)/i);
+        if (verifyMatch) {
+            const tierMatch = verifyMatch[1].match(/tier:\s*(tier[012])/i);
+            if (tierMatch) {
+                tier = tierMatch[1].toLowerCase();
+            }
+        }
+    }
+    // Normalize and validate
+    if (tier) {
+        const normalized = tier.toLowerCase();
+        if (normalized === 'tier0' || normalized === 'tier1' || normalized === 'tier2') {
+            return normalized;
+        }
+    }
+    return null; // Use config default
+}
 export function loadTaskMetadata(taskPath) {
     const raw = fs.readFileSync(taskPath, 'utf-8');
     const { frontmatterText, body } = splitFrontmatter(raw);
@@ -62,11 +131,15 @@ export function loadTaskMetadata(taskPath) {
         ownsRaw = coerceOwns(frontmatter.owns, taskPath);
     }
     const ownsNormalized = normalizeOwnsPatterns(ownsRaw);
+    const allowlistAdd = parseAllowlistAdd(frontmatter, body);
+    const verificationTier = parseVerificationTier(frontmatter, body);
     return {
         raw,
         body,
         owns_raw: ownsRaw,
         owns_normalized: ownsNormalized,
-        frontmatter
+        frontmatter,
+        allowlist_add: allowlistAdd,
+        verification_tier: verificationTier
     };
 }