npm - @windyroad/itil - Versions diffs - 0.22.1 → 0.23.0-preview.249 - Mend

@windyroad/itil 0.22.1 → 0.23.0-preview.249

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/.claude-plugin/plugin.json +1 -1
package/hooks/hooks.json +4 -0
package/hooks/itil-claude-space-protection.sh +98 -0
package/hooks/lib/block-list.sh +191 -0
package/hooks/lib/claude-space-gate.sh +177 -0
package/hooks/test/block-list.bats +153 -0
package/hooks/test/itil-claude-space-protection.bats +294 -0
package/package.json +1 -1
package/skills/manage-problem/SKILL.md +28 -5
package/skills/reconcile-readme/SKILL.md +13 -5
package/skills/review-problems/SKILL.md +1 -1
package/skills/transition-problem/SKILL.md +1 -1
package/skills/transition-problems/SKILL.md +1 -1

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
   "name": "wr-itil",
-  "version": "0.22.1",
+  "version": "0.23.0",
   "description": "ITIL-aligned IT service management for Claude Code"
 }

package/hooks/hooks.json CHANGED Viewed

@@ -12,6 +12,10 @@
         "matcher": "Write",
         "hooks": [{ "type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/manage-problem-enforce-create.sh" }]
       },
+      {
+        "matcher": "Write|Edit",
+        "hooks": [{ "type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/itil-claude-space-protection.sh" }]
+      },
       {
         "matcher": "Bash",
         "hooks": [{ "type": "command", "command": "${CLAUDE_PLUGIN_ROOT}/hooks/p057-staging-trap-detect.sh" }]

package/hooks/itil-claude-space-protection.sh ADDED Viewed

@@ -0,0 +1,98 @@
+#!/bin/bash
+# P131: PreToolUse:Write|Edit enforcement hook for `.claude/` user-space.
+#
+# DENIES Write|Edit to project-scoped `.claude/` paths that are NOT in the
+# user-space allow-list, unless the user has pre-authorized that specific
+# path via an `.claude/.agent-write-approved-<sha256-of-rel-path>` marker.
+#
+# Why: `.claude/` is user-controlled config space (settings, memory, MCP
+# servers, user-authored skills/hooks/commands/agents, Claude Code's own
+# state in projects/ and worktrees/). Agents misread the architect/JTBD
+# gate-exclusion list as "approved write zones" and write project-generated
+# content (plans, audits, scratch state) under `.claude/`, polluting user
+# space. Project-generated content belongs in `docs/` (plans, audits) or
+# inline in problem-ticket bodies. See P131 + project CLAUDE.md MANDATORY
+# rule.
+#
+# Allow-list (per is_protected_claude_path in lib/claude-space-gate.sh):
+#   - .claude/settings.json, settings.local.json, *.local.json (root)
+#   - .claude/MEMORY.md
+#   - .claude/.install-updates-consent, scheduled_tasks.lock
+#   - .claude/skills/, commands/, agents/, hooks/ subtrees
+#   - .claude/projects/, worktrees/ subtrees (Claude Code's own state)
+#   - .claude/.agent-write-approved-* markers themselves
+#
+# Bypass: user creates `.claude/.agent-write-approved-<sha256>` marker
+# (sha256 of project-relative path). Marker is persistent (no TTL); user
+# pre-authorizes once per path. Distinct from session-scoped review
+# markers (ADR-009) — this is the persistent in-tree shape used by
+# `.claude/.install-updates-consent` (ADR-030 / P120 precedent).
+#
+# Out of scope:
+#   - Read|Glob|Grep on .claude/ paths — only Write|Edit gated
+#   - Paths outside PWD project root (~/.claude/, other repos' .claude/)
+#   - Empty session_id / file_path — fail-open (ADR-013 Rule 6 parity
+#     with sibling hooks like manage-problem-enforce-create.sh)
+#
+# References:
+#   ADR-009 — gate marker lifecycle (this hook adds a NEW persistent
+#             marker class; ADR-009's session-scoped /tmp markers
+#             unchanged)
+#   ADR-013 Rule 6 — non-interactive fail-safe; deny via stdin JSON
+#   ADR-030 — persistent in-tree consent marker precedent
+#   ADR-038 — progressive disclosure (deny message <500 bytes)
+#   ADR-045 — hook injection budget (silent on allow path)
+#   P119    — manage-problem-enforce-create.sh hook shape precedent
+#   P131    — driver
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+# shellcheck source=lib/claude-space-gate.sh
+source "$SCRIPT_DIR/lib/claude-space-gate.sh"
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data.get('tool_name', ''))
+except:
+    print('')
+" 2>/dev/null || echo "")
+FILE_PATH=$(echo "$INPUT" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data.get('tool_input', {}).get('file_path', ''))
+except:
+    print('')
+" 2>/dev/null || echo "")
+# Only gate Write and Edit. Read|Glob|Grep on .claude/ are out of scope.
+case "$TOOL_NAME" in
+  Write|Edit) ;;
+  *) exit 0 ;;
+esac
+# Empty file_path — fail-open (parse failure / non-file tool variant).
+if [ -z "$FILE_PATH" ]; then
+  exit 0
+fi
+# Apply gate. PWD is the project root at the moment Claude Code invokes
+# the hook (Claude Code spawns hooks in the project directory).
+if ! is_protected_claude_path "$FILE_PATH" "$PWD"; then
+  # Either not under .claude/, or in user-space allow-list. Allow.
+  exit 0
+fi
+# Check for approval marker bypass.
+if has_approval_marker "$FILE_PATH" "$PWD"; then
+  exit 0
+fi
+BASENAME=$(basename "$FILE_PATH")
+claude_space_deny "BLOCKED: Cannot Write|Edit '${BASENAME}' under .claude/. That directory is user-controlled config space — agents must not write project-generated artefacts there. Use docs/plans/ for plans, docs/audits/ for audit logs, or attach inline to the relevant problem ticket. To pre-authorize a specific .claude/ path, create marker '.claude/.agent-write-approved-<sha256-of-rel-path>' (P131; see project CLAUDE.md MANDATORY rule)."
+exit 0

package/hooks/lib/block-list.sh ADDED Viewed

@@ -0,0 +1,191 @@
+#!/bin/bash
+# P123: shared block-list helper for the inbound-report block mechanism.
+# Per ADR-046 §v1 implementation contract — audit-log-only.
+#
+# Functions:
+#   is_blocked(<reporter-id-hash>)
+#     Exit 0 if the hash is present in $BLOCK_LIST_FILE; non-zero otherwise.
+#   add_block(<reporter-id-hash> <evidence-ticket-P###> <provenance>)
+#     Validate hex-shape on the hash; append to $BLOCK_LIST_FILE if absent
+#     (idempotent); append a `block`-typed entry to $AUDIT_LOG_FILE.
+#   remove_block(<reporter-id-hash> <reason>)
+#     Remove the hash from $BLOCK_LIST_FILE if present; append an
+#     `unblock`-typed entry to $AUDIT_LOG_FILE recording the reason.
+#   list_blocks()
+#     Print all currently-blocked hashes, one per line.
+#
+# Helper does NOT compute hashes. Caller supplies an opaque hex string;
+# the helper validates SHA-256-width hex shape (64 chars, [0-9a-f]).
+# Rationale (architect verdict, this iter): keeping the helper GitHub-
+# agnostic means non-GitHub channel adoption (out-of-scope per ADR-046
+# §Reassessment) wouldn't require helper changes — only the hashing
+# step on the caller side would differ.
+#
+# Persistence:
+#   $BLOCK_LIST_FILE — default `docs/blocked-reporters.json`. JSON array
+#                      of hash strings. Tracked in git per ADR-046.
+#   $AUDIT_LOG_FILE  — default `docs/blocked-reporters.audit.jsonl`.
+#                      One JSON object per line (append-only). Five-field
+#                      shape per ADR-046 Q2: type, reporter_id_hash,
+#                      evidence_ticket, timestamp, author.
+#
+# Both file paths are relative to the caller's CWD so test fixtures
+# can drop a temp `docs/` dir in $TEST_DIR. Production callers run
+# from the repo root; same shape applies.
+#
+# Dependencies: `jq` for JSON read/write. `python3` is acceptable as a
+# fallback if jq is not available, but the audit log JSONL emission
+# uses bash printf for atomicity (one printf per line — no parse-write
+# cycle for append).
+#
+# References:
+#   ADR-005 — plugin testing strategy (helper bats live alongside).
+#   ADR-014 — governance skills commit their own work (this helper is
+#             called by future P079 / report-upstream consumers; their
+#             commits include the block-list mutation).
+#   ADR-017 — shared-code-sync pattern (helper ships ahead of consumers).
+#   ADR-022 — verification-pending status (P123 ships audit-log-only,
+#             transitions to verifying; full enforcement in future iters).
+#   ADR-029 — diagnose before implement (ADR-046 is the diagnosis).
+#   ADR-030 — repo-local skills / per-repo artefact precedent.
+#   ADR-037 — skill testing strategy (this is hook-shared-helper, not
+#             skill content; bats partition under hooks/test/).
+#   ADR-046 — blocked-reporters persistence (proposed → accepted with
+#             this iter); §v1 implementation contract names this helper.
+#   P123    — primary ticket.
+# Default paths — caller's CWD relative. Override for tests by exporting
+# BLOCK_LIST_FILE / AUDIT_LOG_FILE before sourcing.
+: "${BLOCK_LIST_FILE:=docs/blocked-reporters.json}"
+: "${AUDIT_LOG_FILE:=docs/blocked-reporters.audit.jsonl}"
+# SHA-256 hex width (64 chars). Helper rejects any input that doesn't
+# match this shape — per architect verdict, we don't allow alternate
+# hash widths in v1 (single-shape contract is simpler to reason about
+# and the JTBD-101 "decide once, encode it" pattern wins here).
+_BLOCK_LIST_HASH_RE='^[0-9a-f]{64}$'
+# Validate that a string is SHA-256-width hex. Returns 0 on match.
+_block_list_validate_hash() {
+  local hash="$1"
+  [[ "$hash" =~ $_BLOCK_LIST_HASH_RE ]]
+}
+# Ensure the block-list file exists with an empty array on first use.
+# Idempotent — repeated calls leave existing content alone.
+_block_list_ensure_file() {
+  if [ ! -f "$BLOCK_LIST_FILE" ]; then
+    mkdir -p "$(dirname "$BLOCK_LIST_FILE")"
+    printf '[]\n' > "$BLOCK_LIST_FILE"
+  fi
+}
+# Append one JSONL audit-log entry. Five-field shape per ADR-046 Q2.
+# `evidence_ticket` carries the reason string for unblock entries
+# (type-tagged; the unblock reason reuses the same slot).
+_block_list_audit_append() {
+  local type="$1"
+  local hash="$2"
+  local evidence="$3"
+  local author="$4"
+  local timestamp
+  timestamp=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
+  mkdir -p "$(dirname "$AUDIT_LOG_FILE")"
+  # JSON-escape the evidence and author fields. Both are user-supplied
+  # strings; backslash + double-quote are the load-bearing chars.
+  local evidence_esc author_esc
+  evidence_esc=${evidence//\\/\\\\}
+  evidence_esc=${evidence_esc//\"/\\\"}
+  author_esc=${author//\\/\\\\}
+  author_esc=${author_esc//\"/\\\"}
+  printf '{"type":"%s","reporter_id_hash":"%s","evidence_ticket":"%s","timestamp":"%s","author":"%s"}\n' \
+    "$type" "$hash" "$evidence_esc" "$timestamp" "$author_esc" \
+    >> "$AUDIT_LOG_FILE"
+}
+# Returns 0 if the hash is currently in the block list; non-zero
+# otherwise. Empty/missing block list => non-zero.
+is_blocked() {
+  local hash="$1"
+  [ -n "$hash" ] || return 1
+  _block_list_validate_hash "$hash" || return 1
+  [ -f "$BLOCK_LIST_FILE" ] || return 1
+  # Use jq if available; fall back to grep-on-quoted-hash if not.
+  if command -v jq >/dev/null 2>&1; then
+    jq -e --arg h "$hash" 'index([$h]) != null' "$BLOCK_LIST_FILE" >/dev/null 2>&1
+  else
+    grep -Fq "\"$hash\"" "$BLOCK_LIST_FILE"
+  fi
+}
+# Add a hash to the block list. Idempotent (re-adding same hash is
+# a no-op on the list file but DOES emit an audit entry — re-blocks
+# are themselves audit events). Returns 0 on success / no-op,
+# non-zero on input validation failure.
+add_block() {
+  local hash="$1"
+  local evidence="$2"
+  local author="$3"
+  [ -n "$hash" ] || return 2
+  _block_list_validate_hash "$hash" || return 2
+  _block_list_ensure_file
+  if is_blocked "$hash"; then
+    # Idempotent — already present. Do not duplicate the list entry.
+    # Skip the audit entry too: per the "one entry per hash" idempotency
+    # contract the bats asserts, the audit log's add-record stays a
+    # single line for a single hash.
+    return 0
+  fi
+  if command -v jq >/dev/null 2>&1; then
+    local tmp
+    tmp=$(mktemp)
+    jq --arg h "$hash" '. + [$h]' "$BLOCK_LIST_FILE" > "$tmp" && mv "$tmp" "$BLOCK_LIST_FILE"
+  else
+    # Fallback: simple JSON-array textual edit. Strip trailing `]`,
+    # append `, "<hash>"]` or `"<hash>"]` for empty arrays.
+    local content
+    content=$(cat "$BLOCK_LIST_FILE")
+    if [[ "$content" =~ ^\[\ *\]\ *$ ]]; then
+      printf '["%s"]\n' "$hash" > "$BLOCK_LIST_FILE"
+    else
+      # Replace closing `]` with `,"<hash>"]`.
+      printf '%s' "$content" | sed "s/\]\s*\$/,\"$hash\"]/" > "$BLOCK_LIST_FILE"
+      printf '\n' >> "$BLOCK_LIST_FILE"
+    fi
+  fi
+  _block_list_audit_append "block" "$hash" "$evidence" "$author"
+}
+# Remove a hash from the block list. Appends an `unblock` audit entry
+# regardless of whether the hash was present (so attempted-unblock-of-
+# never-blocked is itself audit-trail-recorded). Returns 0 on success,
+# non-zero on input validation failure.
+remove_block() {
+  local hash="$1"
+  local reason="$2"
+  [ -n "$hash" ] || return 2
+  _block_list_validate_hash "$hash" || return 2
+  _block_list_ensure_file
+  if command -v jq >/dev/null 2>&1; then
+    local tmp
+    tmp=$(mktemp)
+    jq --arg h "$hash" '. - [$h]' "$BLOCK_LIST_FILE" > "$tmp" && mv "$tmp" "$BLOCK_LIST_FILE"
+  else
+    # Fallback: textual remove of `"<hash>"` and any adjacent comma.
+    sed -i.bak -e "s/,\"$hash\"//g" -e "s/\"$hash\",//g" -e "s/\"$hash\"//g" "$BLOCK_LIST_FILE"
+    rm -f "${BLOCK_LIST_FILE}.bak"
+  fi
+  _block_list_audit_append "unblock" "$hash" "$reason" ""
+}
+# Print all currently-blocked hashes, one per line. Empty list prints
+# nothing. Returns 0 always (empty is a valid state).
+list_blocks() {
+  [ -f "$BLOCK_LIST_FILE" ] || return 0
+  if command -v jq >/dev/null 2>&1; then
+    jq -r '.[]' "$BLOCK_LIST_FILE" 2>/dev/null
+  else
+    # Fallback: extract `"<hash>"` substrings from the array.
+    grep -oE '"[0-9a-f]{64}"' "$BLOCK_LIST_FILE" | tr -d '"'
+  fi
+}

package/hooks/lib/claude-space-gate.sh ADDED Viewed

@@ -0,0 +1,177 @@
+#!/bin/bash
+# Shared gate logic for `.claude/` user-space write protection (P131).
+#
+# Sourced by itil-claude-space-protection.sh. Provides:
+#   is_protected_claude_path  — returns 0 if path is project-scoped `.claude/`
+#                               AND not in user-space allow-list
+#   has_approval_marker       — returns 0 if user pre-authorized this path via
+#                               `.claude/.agent-write-approved-<sha256>` marker
+#   claude_space_deny         — emits PreToolUse deny JSON
+#
+# Why this is a separate gate semantic from review-gate.sh / create-gate.sh:
+# review-gate.sh enforces per-session "policy was reviewed" markers with TTL.
+# create-gate.sh enforces per-session "duplicate-check ran" markers.
+# This gate enforces a PERSISTENT "user pre-approved this specific path"
+# marker — different lifecycle (no TTL, no drift, never auto-cleared) and
+# different scope (file-path-keyed, not session-keyed). Architect verdict
+# (P131 Phase 2): keep semantically distinct from existing gate libraries.
+#
+# Marker convention: `.claude/.agent-write-approved-<sha256-of-rel-path>`
+# where `<sha256-of-rel-path>` is the SHA-256 hex of the path relative to
+# project root (PWD). Persistent, in-tree, file-existence test — same
+# shape as ADR-030 / P120 `.claude/.install-updates-consent` precedent.
+#
+# Allow-list scope: paths under `.claude/` that are user-controlled by
+# convention (Claude Code config, user-authored extensions, system state):
+#   - settings.json, settings.local.json, *.local.json (root-depth only)
+#   - MEMORY.md
+#   - .install-updates-consent, scheduled_tasks.lock
+#   - skills/, commands/, agents/, hooks/, projects/, worktrees/ subtrees
+#   - .agent-write-approved-* markers themselves (so user can create them)
+#
+# References:
+#   ADR-009 — gate marker lifecycle (this gate adds a NEW persistent
+#             marker class; the ADR's session-scoped /tmp markers are
+#             unchanged)
+#   ADR-013 Rule 6 — non-interactive fail-safe (parse-error => exit 0)
+#   ADR-030 — install-updates persistent in-tree consent marker precedent
+#   ADR-038 — progressive disclosure (deny message <500 bytes)
+#   ADR-045 — hook injection budget (Pattern 1 silent-on-pass; allow path
+#             emits zero bytes)
+#   P119    — manage-problem-enforce-create.sh precedent for itil
+#             PreToolUse:Write enforcement hook shape
+#   P120    — install-updates consent-marker persistence precedent
+#   P131    — this gate's driver
+# Returns 0 (true) if FILE_PATH is a project-scoped .claude/ path AND is
+# NOT in the user-space allow-list. Returns 1 (false) otherwise.
+#
+# Project scope: FILE_PATH must be under PWD (the project root). Paths
+# under ~/.claude/, /Users/.../.claude/projects/, or any .claude/
+# directory outside PWD are NOT project-scoped — those are user-home
+# config or other repos and out of scope for this gate.
+#
+# Usage: if is_protected_claude_path "$FILE_PATH" "$PWD"; then ...; fi
+is_protected_claude_path() {
+  local file_path="$1"
+  local pwd_root="$2"
+  [ -n "$file_path" ] || return 1
+  [ -n "$pwd_root" ] || return 1
+  # Resolve to a path relative to project root if absolute. Hook callers
+  # pass absolute paths in tool_input.file_path; tests may pass relative.
+  local rel_path
+  case "$file_path" in
+    "$pwd_root"/*)
+      rel_path="${file_path#"$pwd_root"/}"
+      ;;
+    /*)
+      # Absolute path outside project root — not project-scoped.
+      return 1
+      ;;
+    *)
+      # Relative path — assume relative to PWD.
+      rel_path="$file_path"
+      ;;
+  esac
+  # Strip leading ./ if present
+  rel_path="${rel_path#./}"
+  # Must be under .claude/ at project-relative root depth.
+  case "$rel_path" in
+    .claude/*) ;;
+    *) return 1 ;;
+  esac
+  # User-space allow-list. Match against rel_path only (project-relative).
+  # Anchor patterns to avoid accidental allows at deeper paths.
+  case "$rel_path" in
+    # Root-level config files
+    .claude/settings.json) return 1 ;;
+    .claude/settings.local.json) return 1 ;;
+    .claude/MEMORY.md) return 1 ;;
+    .claude/.install-updates-consent) return 1 ;;
+    .claude/scheduled_tasks.lock) return 1 ;;
+    # Approval markers themselves (so user can create them via Write)
+    .claude/.agent-write-approved-*) return 1 ;;
+    # Root-depth *.local.json (Claude Code convention for local overrides).
+    # Must NOT extend to .claude/<subdir>/foo.local.json — anchor to one
+    # path segment after .claude/.
+    .claude/*.local.json)
+      case "$rel_path" in
+        .claude/*/*.local.json) ;;
+        *) return 1 ;;
+      esac
+      ;;
+    # User-extension subtrees: skills, commands, agents, hooks
+    # (Claude Code conventions). Symlinks under skills/ are common.
+    .claude/skills/*) return 1 ;;
+    .claude/commands/*) return 1 ;;
+    .claude/agents/*) return 1 ;;
+    .claude/hooks/*) return 1 ;;
+    # Claude Code's own state: projects/<id>/memory/, worktrees/
+    .claude/projects/*) return 1 ;;
+    .claude/worktrees/*) return 1 ;;
+  esac
+  # Project-scoped .claude/ path NOT on the allow-list — protected.
+  return 0
+}
+# Returns 0 (true) if user has pre-authorized writes to FILE_PATH via an
+# `.claude/.agent-write-approved-<sha256-of-rel-path>` marker file. The
+# hash keys on the path relative to project root so the marker is portable
+# across machines using the same project tree.
+#
+# Usage: if has_approval_marker "$FILE_PATH" "$PWD"; then ...; fi
+has_approval_marker() {
+  local file_path="$1"
+  local pwd_root="$2"
+  [ -n "$file_path" ] || return 1
+  [ -n "$pwd_root" ] || return 1
+  local rel_path
+  case "$file_path" in
+    "$pwd_root"/*) rel_path="${file_path#"$pwd_root"/}" ;;
+    /*) return 1 ;;
+    *) rel_path="$file_path" ;;
+  esac
+  rel_path="${rel_path#./}"
+  # SHA-256 of the project-relative path. Use shasum (BSD) or sha256sum
+  # (GNU) — fall back gracefully.
+  local hash
+  if command -v shasum >/dev/null 2>&1; then
+    hash=$(printf '%s' "$rel_path" | shasum -a 256 | awk '{print $1}')
+  elif command -v sha256sum >/dev/null 2>&1; then
+    hash=$(printf '%s' "$rel_path" | sha256sum | awk '{print $1}')
+  else
+    # No hash tool available — treat as no marker (fail-closed for the
+    # bypass; hook will emit deny). Better to require explicit user
+    # action than to silently allow.
+    return 1
+  fi
+  [ -n "$hash" ] || return 1
+  [ -f "${pwd_root}/.claude/.agent-write-approved-${hash}" ]
+}
+# Emit fail-closed PreToolUse deny JSON. Reason should be terse (<500
+# bytes per ADR-038). Hook callers compose the basename + reason inline.
+#
+# Usage: claude_space_deny "BLOCKED: <reason>"
+claude_space_deny() {
+  local reason="$1"
+  cat <<EOF
+{
+  "hookSpecificOutput": {
+    "hookEventName": "PreToolUse",
+    "permissionDecision": "deny",
+    "permissionDecisionReason": "$reason"
+  }
+}
+EOF
+}

package/hooks/test/block-list.bats ADDED Viewed

@@ -0,0 +1,153 @@
+#!/usr/bin/env bats
+# P123: packages/itil/hooks/lib/block-list.sh shared helper for the
+# inbound-report block-list mechanism. Per ADR-046 §v1 implementation
+# contract — audit-log-only — the helper exposes four functions:
+#   is_blocked(<reporter-id-hash>)
+#   add_block(<reporter-id-hash> <evidence-ticket-P###> <provenance>)
+#   remove_block(<reporter-id-hash> <reason>)
+#   list_blocks()
+#
+# Per ADR-046 §Decision Outcome §Identifier, the entry shape is the
+# SHA-256 hash of the GitHub numeric user ID. Per architect verdict
+# (this iter), the helper does NOT compute the hash — caller supplies
+# an opaque hex string; helper validates hex shape only. This keeps
+# the helper GitHub-agnostic so non-GitHub channel adoption (out-of-
+# scope per ADR-046 §Reassessment) wouldn't require helper changes.
+#
+# Audit log: sibling JSONL file `docs/blocked-reporters.audit.jsonl`.
+# Append-only; one JSON object per line per the five-field shape
+# adopted in ADR-046 Q2: {type, reporter_id_hash, evidence_ticket,
+# timestamp, author}.
+#
+# Per feedback_behavioural_tests.md (P081) — behavioural assertions on
+# observable outcomes (file state, exit codes, helper-emitted output).
+# No source-grep on helper text. Per ADR-005 (plugin testing strategy)
+# + ADR-037 (skill testing strategy) hook bats live under
+# packages/itil/hooks/test/ and assert behaviour, not implementation.
+setup() {
+  SCRIPT_DIR="$(cd "$(dirname "$BATS_TEST_FILENAME")/.." && pwd)"
+  HELPER="$SCRIPT_DIR/lib/block-list.sh"
+  ORIG_DIR="$PWD"
+  TEST_DIR=$(mktemp -d)
+  cd "$TEST_DIR"
+  mkdir -p docs
+  # Mirror the per-repo on-disk shape ADR-046 names.
+  echo "[]" > docs/blocked-reporters.json
+  # Source the helper. Functions become callable in this shell.
+  # shellcheck source=/dev/null
+  source "$HELPER"
+}
+teardown() {
+  cd "$ORIG_DIR"
+  rm -rf "$TEST_DIR"
+}
+# Canonical fixture hash — 64 hex chars (SHA-256 width). Real callers
+# would compute this from a GitHub numeric user ID; the helper does
+# not care about provenance, only that the input is hex-shaped.
+HASH_A="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"
+HASH_B="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"
+# --- Round-trip: add_block then is_blocked ---
+@test "add_block + is_blocked round-trip: hash present after add" {
+  add_block "$HASH_A" "P123" "test@example.com"
+  run is_blocked "$HASH_A"
+  [ "$status" -eq 0 ]
+}
+@test "is_blocked: returns non-zero for hash never added" {
+  run is_blocked "$HASH_B"
+  [ "$status" -ne 0 ]
+}
+# --- list_blocks output shape ---
+@test "list_blocks: prints each blocked hash on its own line" {
+  add_block "$HASH_A" "P123" "test@example.com"
+  add_block "$HASH_B" "P124" "test@example.com"
+  run list_blocks
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"$HASH_A"* ]]
+  [[ "$output" == *"$HASH_B"* ]]
+  # Two distinct hashes — output should have at least two non-empty lines.
+  line_count=$(printf '%s\n' "$output" | grep -c .)
+  [ "$line_count" -ge 2 ]
+}
+@test "list_blocks: empty list on empty docs/blocked-reporters.json" {
+  run list_blocks
+  [ "$status" -eq 0 ]
+  # No hash strings; either empty output or whitespace only.
+  [[ "$output" != *"$HASH_A"* ]]
+  [[ "$output" != *"$HASH_B"* ]]
+}
+# --- Idempotent add ---
+@test "add_block: adding the same hash twice is idempotent (one entry)" {
+  add_block "$HASH_A" "P123" "test@example.com"
+  add_block "$HASH_A" "P123" "test@example.com"
+  run list_blocks
+  [ "$status" -eq 0 ]
+  occurrences=$(printf '%s\n' "$output" | grep -c "$HASH_A")
+  [ "$occurrences" -eq 1 ]
+}
+# --- remove_block path ---
+@test "remove_block: hash absent from is_blocked after remove" {
+  add_block "$HASH_A" "P123" "test@example.com"
+  remove_block "$HASH_A" "wrongly-classified"
+  run is_blocked "$HASH_A"
+  [ "$status" -ne 0 ]
+}
+# --- Audit log presence (ADR-046 Q2 five-field shape) ---
+@test "add_block: appends entry to docs/blocked-reporters.audit.jsonl" {
+  add_block "$HASH_A" "P123" "test@example.com"
+  [ -f docs/blocked-reporters.audit.jsonl ]
+  run cat docs/blocked-reporters.audit.jsonl
+  [[ "$output" == *"\"type\""* ]]
+  [[ "$output" == *"\"block\""* ]]
+  [[ "$output" == *"$HASH_A"* ]]
+  [[ "$output" == *"P123"* ]]
+  [[ "$output" == *"test@example.com"* ]]
+  # Five-field shape names: type, reporter_id_hash, evidence_ticket,
+  # timestamp, author. Assert each label is present.
+  [[ "$output" == *"reporter_id_hash"* ]]
+  [[ "$output" == *"evidence_ticket"* ]]
+  [[ "$output" == *"timestamp"* ]]
+  [[ "$output" == *"author"* ]]
+}
+@test "remove_block: appends an unblock entry to the audit log" {
+  add_block "$HASH_A" "P123" "test@example.com"
+  remove_block "$HASH_A" "wrongly-classified"
+  run cat docs/blocked-reporters.audit.jsonl
+  [[ "$output" == *"\"unblock\""* ]]
+  # The reason field rides under evidence_ticket per the five-field shape
+  # (audit log is type-tagged; the reason slot reuses evidence_ticket
+  # for unblock provenance per the helper's contract).
+  [[ "$output" == *"wrongly-classified"* ]]
+}
+# --- Hashed-ID handling: helper validates hex shape ---
+@test "add_block: rejects non-hex input (non-zero exit, no entry written)" {
+  run add_block "not-a-hash" "P123" "test@example.com"
+  [ "$status" -ne 0 ]
+  # State unchanged.
+  run is_blocked "not-a-hash"
+  [ "$status" -ne 0 ]
+}
+@test "add_block: rejects wrong-length hex (non-SHA-256-width input)" {
+  # 32 hex chars (half of SHA-256 width) — wrong length.
+  run add_block "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" "P123" "test@example.com"
+  [ "$status" -ne 0 ]
+}

package/hooks/test/itil-claude-space-protection.bats ADDED Viewed

@@ -0,0 +1,294 @@
+#!/usr/bin/env bats
+# P131: itil-claude-space-protection.sh PreToolUse:Write|Edit hook must
+# block agent writes to project-scoped `.claude/` paths NOT in the
+# user-space allow-list, unless an approval marker is present.
+#
+# Per ADR-037 + P081 (feedback_behavioural_tests.md): behavioural
+# assertions — simulate the hook's payload on stdin and assert on
+# emitted JSON permissionDecision and exit status. No source-grep on
+# hook content.
+#
+# References:
+#   ADR-009 — marker lifecycle (this hook adds a new persistent class)
+#   ADR-013 Rule 6 — non-interactive fail-safe
+#   ADR-038 — progressive disclosure (deny message <500 bytes)
+#   ADR-045 — hook injection budget (silent on allow path)
+#   P131    — user-space write protection driver
+setup() {
+  SCRIPT_DIR="$(cd "$(dirname "$BATS_TEST_FILENAME")/.." && pwd)"
+  HOOK="$SCRIPT_DIR/itil-claude-space-protection.sh"
+  ORIG_DIR="$PWD"
+  TEST_DIR=$(mktemp -d)
+  cd "$TEST_DIR"
+  mkdir -p .claude/skills/myskill .claude/commands .claude/agents \
+    .claude/hooks .claude/projects/abc/memory .claude/worktrees \
+    docs/plans
+}
+teardown() {
+  cd "$ORIG_DIR"
+  rm -rf "$TEST_DIR"
+}
+run_hook() {
+  local tool="$1"
+  local file_path="$2"
+  local json
+  json=$(printf '{"tool_name":"%s","tool_input":{"file_path":"%s"},"session_id":"test-sid"}' \
+    "$tool" "$file_path")
+  echo "$json" | bash "$HOOK"
+}
+# Helper: compute approval-marker filename for a project-relative path
+marker_path_for() {
+  local rel_path="$1"
+  local hash
+  if command -v shasum >/dev/null 2>&1; then
+    hash=$(printf '%s' "$rel_path" | shasum -a 256 | awk '{print $1}')
+  else
+    hash=$(printf '%s' "$rel_path" | sha256sum | awk '{print $1}')
+  fi
+  echo ".claude/.agent-write-approved-${hash}"
+}
+# --- Core deny path: protected .claude/ writes without marker ---
+@test "deny: Write to .claude/plans/foo.md without marker" {
+  run run_hook "Write" "$PWD/.claude/plans/foo.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"\"permissionDecision\": \"deny\""* ]]
+  [[ "$output" == *"BLOCKED"* ]]
+}
+@test "deny: Write to .claude/audits/2026-04-28.md without marker" {
+  run run_hook "Write" "$PWD/.claude/audits/2026-04-28.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"BLOCKED"* ]]
+}
+@test "deny: Edit to existing agent-introduced .claude/plans file" {
+  mkdir -p .claude/plans
+  echo "stub" > .claude/plans/foo.md
+  run run_hook "Edit" "$PWD/.claude/plans/foo.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"BLOCKED"* ]]
+}
+@test "deny: Write to .claude/scratch/state.json without marker" {
+  run run_hook "Write" "$PWD/.claude/scratch/state.json"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"BLOCKED"* ]]
+}
+# --- Allow paths: user-space allow-list ---
+@test "allow: Write to .claude/settings.json" {
+  run run_hook "Write" "$PWD/.claude/settings.json"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+  [[ "$output" != *"\"permissionDecision\": \"deny\""* ]]
+}
+@test "allow: Write to .claude/settings.local.json" {
+  run run_hook "Write" "$PWD/.claude/settings.local.json"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to .claude/MEMORY.md" {
+  run run_hook "Write" "$PWD/.claude/MEMORY.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to .claude/.install-updates-consent" {
+  run run_hook "Write" "$PWD/.claude/.install-updates-consent"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to .claude/scheduled_tasks.lock" {
+  run run_hook "Write" "$PWD/.claude/scheduled_tasks.lock"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to .claude/skills/install-updates/SKILL.md (skills subtree)" {
+  run run_hook "Write" "$PWD/.claude/skills/install-updates/SKILL.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to .claude/commands/foo.md (commands subtree)" {
+  run run_hook "Write" "$PWD/.claude/commands/foo.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to .claude/agents/foo.md (agents subtree)" {
+  run run_hook "Write" "$PWD/.claude/agents/foo.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to .claude/hooks/foo.sh (hooks subtree)" {
+  run run_hook "Write" "$PWD/.claude/hooks/foo.sh"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to .claude/projects/abc/memory/MEMORY.md (Claude Code state)" {
+  run run_hook "Write" "$PWD/.claude/projects/abc/memory/MEMORY.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to .claude/worktrees/something (worktrees subtree)" {
+  run run_hook "Write" "$PWD/.claude/worktrees/something"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+# --- Allow paths: outside .claude/ ---
+@test "allow: Write to docs/plans/foo.md (not under .claude/)" {
+  run run_hook "Write" "$PWD/docs/plans/foo.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to packages/itil/hooks/foo.sh" {
+  mkdir -p packages/itil/hooks
+  run run_hook "Write" "$PWD/packages/itil/hooks/foo.sh"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to absolute path outside PWD project root" {
+  run run_hook "Write" "/Users/someone/.claude/plans/foo.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Write to ~/.claude path (user home, outside project)" {
+  run run_hook "Write" "$HOME/.claude/projects/xyz/foo.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+# --- Approval-marker bypass ---
+@test "allow: Write to .claude/plans/foo.md WHEN approval marker exists" {
+  marker=$(marker_path_for ".claude/plans/foo.md")
+  : > "$marker"
+  run run_hook "Write" "$PWD/.claude/plans/foo.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "deny: marker for one path does not authorize a different path" {
+  marker=$(marker_path_for ".claude/plans/foo.md")
+  : > "$marker"
+  run run_hook "Write" "$PWD/.claude/plans/bar.md"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"BLOCKED"* ]]
+}
+@test "allow: user can Write the approval marker itself" {
+  marker=$(marker_path_for ".claude/plans/foo.md")
+  run run_hook "Write" "$PWD/$marker"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+# --- Tool-name and edge cases ---
+@test "allow: Read tool on protected .claude/ path is unaffected" {
+  mkdir -p .claude/plans
+  echo "stub" > .claude/plans/foo.md
+  run bash -c "echo '{\"tool_name\":\"Read\",\"tool_input\":{\"file_path\":\"$PWD/.claude/plans/foo.md\"}}' | bash $HOOK"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: Glob tool on .claude/ is unaffected (pattern, not file_path)" {
+  run bash -c "echo '{\"tool_name\":\"Glob\",\"tool_input\":{\"pattern\":\".claude/**/*.md\"}}' | bash $HOOK"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+@test "allow: empty file_path exits 0 without action" {
+  run bash -c "echo '{\"tool_name\":\"Write\",\"tool_input\":{}}' | bash $HOOK"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+# --- Allow-list anchor depth (architect note) ---
+@test "deny: .claude/plans/foo.local.json (deeper than root) — *.local.json must not pass at arbitrary depth" {
+  run run_hook "Write" "$PWD/.claude/plans/foo.local.json"
+  [ "$status" -eq 0 ]
+  [[ "$output" == *"BLOCKED"* ]]
+}
+@test "allow: .claude/foo.local.json (root depth) — *.local.json convention" {
+  run run_hook "Write" "$PWD/.claude/foo.local.json"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}
+# --- Deny message contract (ADR-038 progressive disclosure) ---
+@test "deny message names P131" {
+  run run_hook "Write" "$PWD/.claude/plans/foo.md"
+  [[ "$output" == *"P131"* ]]
+}
+@test "deny message suggests docs/ alternative" {
+  run run_hook "Write" "$PWD/.claude/plans/foo.md"
+  [[ "$output" == *"docs/"* ]]
+}
+@test "deny message names the approval-marker bypass" {
+  run run_hook "Write" "$PWD/.claude/plans/foo.md"
+  [[ "$output" == *".agent-write-approved-"* ]]
+}
+@test "deny message references project CLAUDE.md MANDATORY rule" {
+  run run_hook "Write" "$PWD/.claude/plans/foo.md"
+  [[ "$output" == *"CLAUDE.md"* ]]
+}
+@test "deny message stays under ADR-038 progressive-disclosure 500-byte cap" {
+  run run_hook "Write" "$PWD/.claude/plans/foo.md"
+  # Extract the permissionDecisionReason value and check its byte length.
+  reason=$(echo "$output" | python3 -c "
+import sys, json
+try:
+    data = json.load(sys.stdin)
+    print(data['hookSpecificOutput']['permissionDecisionReason'])
+except Exception as e:
+    print('')
+")
+  byte_len=$(printf '%s' "$reason" | wc -c)
+  # Bound: the deny message must be discoverable + actionable but
+  # progressive — < 500 bytes per ADR-038.
+  [ "$byte_len" -lt 500 ]
+}
+# --- ADR-045 silent-on-pass: allow path emits zero bytes ---
+@test "allow path emits no output (ADR-045 Pattern 1 silent-on-pass)" {
+  run run_hook "Write" "$PWD/.claude/settings.json"
+  [ "$status" -eq 0 ]
+  # Empty stdout — silent on allow.
+  [ -z "$output" ]
+}
+@test "non-Write|Edit tool emits no output (silent-on-pass)" {
+  run bash -c "echo '{\"tool_name\":\"Bash\",\"tool_input\":{\"command\":\"ls\"}}' | bash $HOOK"
+  [ "$status" -eq 0 ]
+  [ -z "$output" ]
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/itil",
-  "version": "0.22.1",
+  "version": "0.23.0-preview.249",
   "description": "ITIL-aligned IT service management for Claude Code (problem, and future incident/change skills)",
   "bin": {
     "windyroad-itil": "./bin/install.mjs"

package/skills/manage-problem/SKILL.md CHANGED Viewed

@@ -407,11 +407,34 @@ After writing the new `.open.md` file, regenerate `docs/problems/README.md` to i
 **WSJF Rankings tie-break sort (P138)**: rows in the WSJF Rankings table are sorted by the multi-key `(WSJF desc, Known-Error-first, Effort-divisor asc, Reported-date asc, ID asc)` so the rendered top-to-bottom row order matches `/wr-itil:work-problems` SKILL.md Step 3's tie-break selection 1:1. The first key (WSJF desc) sets the tier; within a tier the next three keys are the canonical tie-break ladder (Known Error before Open; smaller effort before larger; older Reported date before newer); ID asc is the deterministic final tiebreaker for full-tie cases. The table MUST include a `Reported` column so the third tie-break input is visible to README readers — without it, users cannot reconcile the rendered order against the orchestrator's selection. <!-- TIE-BREAK-LADDER-SOURCE: /wr-itil:work-problems SKILL.md Step 3 --> Any future change to the tie-break ladder MUST update this render block, the Step 7 P062 block, the Step 9e template, AND `/wr-itil:review-problems` SKILL.md Step 3 / Step 5 — drift here re-opens P138.
 1. After `Write`-ing the new `.open.md` file (and, for multi-concern splits per step 4b, after all split files are written), regenerate `docs/problems/README.md` in-place reflecting the new filename set.
-2. Update the "Last reviewed" line's parenthetical to name the new ticket (e.g. `P<NNN> opened — <one-line title>`) so the next session's fast-path check has a human-readable audit marker.
-3. `git add docs/problems/README.md` — the stage list at Step 11 must include it alongside the new `.open.md` file (Step 11's `git add -u` catch-all handles tracked-file modifications; the new README render lands via this path when README.md already exists in git, and via an explicit `git add docs/problems/README.md` when it is newly created).
+2. Update the "Last reviewed" line per the **Last-reviewed line discipline (P134)** subsection below — name the new ticket as the most-recent fragment (e.g. `P<NNN> opened — <one-line title>`); displaced prior fragments rotate to `docs/problems/README-history.md`.
+3. `git add docs/problems/README.md` — the stage list at Step 11 must include it alongside the new `.open.md` file (Step 11's `git add -u` catch-all handles tracked-file modifications; the new README render lands via this path when README.md already exists in git, and via an explicit `git add docs/problems/README.md` when it is newly created). When line-3 truncation displaces prior content, also `git add docs/problems/README-history.md`.
 For the multi-concern split path (step 4b), the refresh fires **once** after all split tickets are written, not per-split — a single render captures the full new set in one pass.
+#### Last-reviewed line discipline (P134)
+The "Last reviewed" line (line 3 of `docs/problems/README.md`) was designed as a short audit marker — one ticket name + one transition reason — but historically accumulated multi-paragraph session-summary fragments unbounded ("Prior:" stacking on every refresh). At ~62 KB / 76 KB it crossed the Read-tool 25K-token whole-file limit and could no longer be window-read at any offset/limit. P134 closes the accumulator on this surface; sibling to P099 on `docs/briefing/<topic>.md`.
+**Contract** — applies to every refresh that touches line 3 (Step 5 P094 creation, Step 6 P094 conditional update, Step 7 P062 transition; mirrored in `transition-problem`, `transition-problems`, `review-problems`, `reconcile-readme`):
+1. **Single most-recent fragment only on line 3.** The "Last reviewed" parenthetical names ONE event — the operation this refresh covers. Do NOT prepend a `Prior:` segment, do NOT stack multi-paragraph rationale, do NOT carry history forward inline.
+2. **Soft cap: ≤ 1024 bytes per fragment.** Authoring guidance — keep the fragment dense and audit-meaningful (ticket ID + verb + one-line summary + ADR/JTBD anchors when load-bearing). Multi-paragraph rationale belongs in retros, ticket bodies, and ADR amendments — never on line 3.
+3. **Archive sibling: `docs/problems/README-history.md`.** When this refresh would displace prior line-3 content, append the displaced content to `README-history.md` BEFORE writing the new line 3. Forward-chronology — newest fragment goes at the bottom under a date heading (`## YYYY-MM-DD`). The archive is a log; it's grep-and-tail territory, not display-tier (which is why its chronology diverges from the README's reverse-chrono surface convention).
+4. **Hard ceiling: 5120 bytes on line 3.** Matches ADR-040 Tier 3 envelope. Surfaced advisory-only by `packages/itil/scripts/check-problems-readme-budget.sh` — the script emits `OVER docs/problems/README.md line=3 bytes=<N> threshold=<N>` when the ceiling is breached. Always exits 0 (advisory; overflow is signal, not failure).
+**Mechanism** (when authoring a refresh):
+1. Read the current line 3 of the README (e.g. `awk 'NR==3' docs/problems/README.md`).
+2. If the current line 3 is non-empty AND the new fragment is not a near-duplicate (same ticket + same verb in the same session): append the current line 3 verbatim to `docs/problems/README-history.md` under a `## YYYY-MM-DD` heading (creating the heading on first append for that date; subsequent same-day appends nest under the existing heading).
+3. Compose the new line 3 as a single paragraph naming the operation only. Keep ≤ 1024 bytes.
+4. Replace line 3 of README.md with the new paragraph.
+5. Stage both files in the same commit as the ticket change per ADR-014: `git add docs/problems/README.md docs/problems/README-history.md`.
+**Fast-path interaction**: the Step 9 freshness check uses git-mtime on `docs/problems/README.md`, NOT the prose contents of line 3. Truncating line 3 does NOT degrade the fast-path contract.
+**Cross-references**: ADR-040 line 92 (reusable accumulator-doc pattern — explicitly names "problems index"), ADR-038 (progressive disclosure), ADR-014 (single-commit governance), `packages/itil/scripts/check-problems-readme-budget.sh`, `packages/itil/scripts/test/check-problems-readme-budget.bats`.
 ### 6. For updates: Edit the existing file
 Find the file matching the problem ID:
@@ -441,8 +464,8 @@ If the edit touched only `## Root Cause Analysis`, `## Symptoms`, `## Workaround
 **Mechanism** (when the trigger fires):
 1. Regenerate `docs/problems/README.md` using the same render rules as Step 7's P062 block — render, not re-rank. Trust every other ticket's stored WSJF; consume only this ticket's updated WSJF from the post-edit file.
-2. Update the "Last reviewed" line's parenthetical to name the re-rated ticket (e.g. `P<NNN> re-rated — <old-WSJF> → <new-WSJF>`).
-3. `git add docs/problems/README.md` so the refresh rides the same commit as the ticket update per ADR-014.
+2. Update the "Last reviewed" line per the **Last-reviewed line discipline (P134)** subsection in Step 5 above — name the re-rated ticket as the most-recent fragment (e.g. `P<NNN> re-rated — <old-WSJF> → <new-WSJF>`); displaced prior fragments rotate to `docs/problems/README-history.md`.
+3. `git add docs/problems/README.md` so the refresh rides the same commit as the ticket update per ADR-014. When line-3 truncation displaces prior content, also `git add docs/problems/README-history.md`.
 **Dependency ripple**: if this update changed the ticket's Effort, and the ticket is an upstream of other tickets (any ticket's `## Dependencies` → `**Blocked by**` list references this ID), the transitive-effort rule (P076) says dependents may need to re-rate too. The surgical render in this step does NOT re-walk the graph — that is Step 9b.1's job. If the dependency graph is known to be non-trivial, prefer `/wr-itil:review-problems` instead of a bare update; the review path handles the re-walk deterministically. The conditional refresh here is sufficient for the common case of a self-only re-rate.
@@ -552,7 +575,7 @@ The refresh uses the same rendering rules as Step 9e (glob `docs/problems/*.open
 1. After renaming + Editing + `git add`-ing the transitioned ticket file (per the staging-trap rule above), regenerate `docs/problems/README.md` in-place reflecting the new filename set and the transitioned ticket's new Status.
 2. `git add docs/problems/README.md` — stage the refreshed README with the same commit as the transition.
-3. Update the "Last reviewed" line's parenthetical to name the transition (e.g. `P<NNN> <status> — <one-line fix summary>`) so the next session's fast-path check has a human-readable audit marker alongside the git-history staleness test.
+3. Update the "Last reviewed" line per the **Last-reviewed line discipline (P134)** subsection in Step 5 above — name the transition as the most-recent fragment (e.g. `P<NNN> <status> — <one-line fix summary>`); displaced prior fragments rotate to `docs/problems/README-history.md`. When the rotation displaces prior content, the staged file set MUST include both `docs/problems/README.md` AND `docs/problems/README-history.md` per ADR-014 single-commit grain.
 **Scope**: fires for every Step 7 rename. Applies equally to:
 - Standalone transition commits (e.g. `docs(problems): P<NNN> known error — <summary>`).

package/skills/reconcile-readme/SKILL.md CHANGED Viewed

@@ -91,7 +91,7 @@ Render the Verification Queue row in the existing format:
 ### Step 4. Apply edits via Edit tool — preserve narrative
-This is the load-bearing step. Use the `Edit` tool to apply each row-level change. DO NOT regenerate the entire README from scratch — the long "Last reviewed: ..." prose paragraph at the top, and the per-Closed-row free-text closure-via column, are human-curated narrative that a full regeneration would destroy.
+This is the load-bearing step. Use the `Edit` tool to apply each row-level change. DO NOT regenerate the entire README from scratch — the per-Closed-row free-text closure-via column is human-curated narrative that a full regeneration would destroy. (The "Last reviewed:" line is now subject to the **Last-reviewed line discipline (P134)** described in Step 5 below — it carries only the most-recent fragment, not an ever-growing prose paragraph; the displaced history lives in `docs/problems/README-history.md`. Step 5 owns the line-3 update; Step 4 leaves it untouched.)
 For each REMOVE: `Edit` with the existing row as `old_string`, and remove it (replace with empty string) or replace with a re-positioned row in another section (REMOVE-from-WSJF-Rankings + ADD-to-Verification-Queue is two Edit operations: one to delete the WSJF row, one to insert the VQ row).
@@ -101,13 +101,21 @@ For each ADD to Verification Queue: append at the bottom of the VQ table (the ta
 After all edits, re-run `packages/itil/scripts/reconcile-readme.sh docs/problems` to confirm exit 0. If the second run still reports drift, investigate the residual edits — do NOT re-run reconciliation in a loop, as that hides systematic edit failures.
-### Step 5. Update the "Last reviewed" annotation
+### Step 5. Update the "Last reviewed" annotation per P134 truncation discipline
-Prepend (or append, per existing convention — the README uses a single ever-growing prose paragraph) a short note to the "Last reviewed:" paragraph of the form:
+Apply the **Last-reviewed line discipline (P134)** contract documented in `manage-problem` SKILL.md Step 5 — line 3 carries ONE most-recent fragment naming this reconciliation; the prior content rotates to `docs/problems/README-history.md` (forward-chronology archive, soft cap ≤ 1024 bytes per fragment, hard ceiling 5120 bytes per ADR-040 Tier 3 envelope, surfaced advisory-only by `packages/itil/scripts/check-problems-readme-budget.sh`).
-> 2026-MM-DD **README reconciled** — (N) drift entries corrected: <comma-separated ID list>. Reconciliation contract per P118 + ADR-014 amended ("Reconciliation as preflight robustness layer").
+**Mechanism**:
-Keep the note ≤ 200 bytes; the long narrative form belongs in retros and ADR amendments, not in this annotation. Do not re-write the existing prose.
+1. Read the current line 3 of `docs/problems/README.md` (e.g. `awk 'NR==3' docs/problems/README.md`).
+2. If the current line 3 is non-empty and not a same-day reconciliation duplicate, append it to `docs/problems/README-history.md` under a `## YYYY-MM-DD` heading (creating the heading on first append for that date).
+3. Replace line 3 of README.md with the new fragment of the form:
+> Last reviewed: 2026-MM-DD **README reconciled** — (N) drift entries corrected: <comma-separated ID list>. Reconciliation contract per P118 + ADR-014 amended ("Reconciliation as preflight robustness layer").
+Keep the new fragment ≤ 1024 bytes (soft cap) and certainly ≤ 5120 bytes (hard ceiling). Do NOT prepend `Prior:` segments. Do NOT re-write the existing prose inline — the displaced content lives in `README-history.md` going forward; truncation is the contract, not a side effect.
+**Rationale (P134)**: this skill previously documented the line as "an ever-growing prose paragraph". That convention is what produced the 76-KB line-3 that broke the Read tool entirely. The reconcile path was a load-bearing site of the bloat — every reconcile that happened under the old convention re-wrote line 3 unbounded. The new discipline closes the surface for reconcile parity with `manage-problem` Step 5 P094, Step 6 P094, Step 7 P062, and the sibling `transition-problem`, `transition-problems`, `review-problems` skills.
 ### Step 6. Commit (when invoked from an AFK orchestrator subprocess)

package/skills/review-problems/SKILL.md CHANGED Viewed

@@ -143,7 +143,7 @@ Fix released, awaiting user verification (driven off `docs/problems/*.verifying.
 ...
 ```
-The "Last reviewed" parenthetical should name any meaningful state change in this refresh (auto-transitions fired, priority flips, newly-stale tickets) so the next session's fast-path has a human-readable audit marker alongside the git-history staleness test.
+Apply the **Last-reviewed line discipline (P134)** contract documented in `manage-problem` SKILL.md Step 5 — line 3 carries ONE most-recent fragment naming the meaningful state change in this refresh (auto-transitions fired, priority flips, newly-stale tickets); displaced prior fragments rotate to `docs/problems/README-history.md` (forward-chronology archive, soft cap ≤ 1024 bytes per fragment, hard ceiling 5120 bytes per ADR-040 Tier 3 envelope, surfaced advisory-only by `packages/itil/scripts/check-problems-readme-budget.sh`). When the rotation displaces prior content, the staged file set MUST include both `docs/problems/README.md` AND `docs/problems/README-history.md` per ADR-014 single-commit grain.
 ### 6. Commit the refresh

package/skills/transition-problem/SKILL.md CHANGED Viewed

@@ -175,7 +175,7 @@ The refresh uses the same rendering rules as `/wr-itil:review-problems` Step 9e
 1. After renaming + Editing + `git add`-ing the transitioned ticket file (per the staging-trap rule above), regenerate `docs/problems/README.md` in-place reflecting the new filename set and the transitioned ticket's new Status.
 2. `git add docs/problems/README.md` — stage the refreshed README with the same commit as the transition.
-3. Update the "Last reviewed" line's parenthetical to name the transition (e.g. `P<NNN> <status> — <one-line fix summary>`) so the next session's fast-path check has a human-readable audit marker alongside the git-history staleness test.
+3. Update the "Last reviewed" line per the **Last-reviewed line discipline (P134)** contract documented in `manage-problem` SKILL.md Step 5 — name the transition as the most-recent fragment (e.g. `P<NNN> <status> — <one-line fix summary>`); displaced prior fragments rotate to `docs/problems/README-history.md` (forward-chronology archive, soft cap ≤ 1024 bytes per fragment, hard ceiling 5120 bytes per ADR-040 Tier 3 envelope, surfaced advisory-only by `packages/itil/scripts/check-problems-readme-budget.sh`). When the rotation displaces prior content, the staged file set MUST include both `docs/problems/README.md` AND `docs/problems/README-history.md` per ADR-014 single-commit grain.
 ### 8. Commit per ADR-014

package/skills/transition-problems/SKILL.md CHANGED Viewed

@@ -184,7 +184,7 @@ The refresh follows the same render rules as `/wr-itil:review-problems` Step 9e
 git add docs/problems/README.md
 ```
-Update the "Last reviewed" parenthetical to name the batch (e.g. `batch transition: P063 close, P067 close, P092 close, P094 close`).
+Update the "Last reviewed" line per the **Last-reviewed line discipline (P134)** contract documented in `manage-problem` SKILL.md Step 5 — name the batch as a SINGLE most-recent fragment summarising the cohort (e.g. `batch transition: P063 close, P067 close, P092 close, P094 close`); displaced prior fragments rotate to `docs/problems/README-history.md` ONCE for the entire batch, not per-pair. Soft cap ≤ 1024 bytes for the batch fragment — if the cohort would exceed it, abbreviate to ID + verb only and let the per-ticket bodies carry the rationale. When the rotation displaces prior content, also `git add docs/problems/README-history.md` so the same single batch commit per ADR-014 captures both files.
 **4b. Commit gate (per ADR-014).**