npm - @wooojin/forgen - Versions diffs - 0.3.2 → 0.4.0 - Mend

@wooojin/forgen 0.3.2 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

package/.claude-plugin/plugin.json +1 -1
package/CHANGELOG.md +64 -0
package/README.ja.md +61 -7
package/README.ko.md +15 -1
package/README.md +92 -6
package/README.zh.md +61 -7
package/dist/cli.js +137 -5
package/dist/core/auto-compound-runner.js +10 -2
package/dist/core/doctor.js +64 -10
package/dist/core/inspect-cli.js +65 -5
package/dist/core/state-gc.d.ts +19 -0
package/dist/core/state-gc.js +48 -4
package/dist/core/stats-cli.d.ts +15 -0
package/dist/core/stats-cli.js +143 -0
package/dist/core/uninstall.d.ts +1 -0
package/dist/core/uninstall.js +24 -1
package/dist/core/v1-bootstrap.js +9 -1
package/dist/engine/classify-enforce-cli.d.ts +8 -0
package/dist/engine/classify-enforce-cli.js +61 -0
package/dist/engine/enforce-classifier.d.ts +31 -0
package/dist/engine/enforce-classifier.js +123 -0
package/dist/engine/lifecycle/bypass-detector.d.ts +34 -0
package/dist/engine/lifecycle/bypass-detector.js +82 -0
package/dist/engine/lifecycle/lifecycle-cli.d.ts +7 -0
package/dist/engine/lifecycle/lifecycle-cli.js +102 -0
package/dist/engine/lifecycle/meta-cli.d.ts +4 -0
package/dist/engine/lifecycle/meta-cli.js +7 -0
package/dist/engine/lifecycle/meta-reclassifier.d.ts +78 -0
package/dist/engine/lifecycle/meta-reclassifier.js +351 -0
package/dist/engine/lifecycle/orchestrator.d.ts +32 -0
package/dist/engine/lifecycle/orchestrator.js +131 -0
package/dist/engine/lifecycle/signals.d.ts +30 -0
package/dist/engine/lifecycle/signals.js +142 -0
package/dist/engine/lifecycle/trigger-t1-correction.d.ts +23 -0
package/dist/engine/lifecycle/trigger-t1-correction.js +78 -0
package/dist/engine/lifecycle/trigger-t2-violation.d.ts +18 -0
package/dist/engine/lifecycle/trigger-t2-violation.js +42 -0
package/dist/engine/lifecycle/trigger-t3-bypass.d.ts +17 -0
package/dist/engine/lifecycle/trigger-t3-bypass.js +39 -0
package/dist/engine/lifecycle/trigger-t4-decay.d.ts +18 -0
package/dist/engine/lifecycle/trigger-t4-decay.js +40 -0
package/dist/engine/lifecycle/trigger-t5-conflict.d.ts +16 -0
package/dist/engine/lifecycle/trigger-t5-conflict.js +78 -0
package/dist/engine/lifecycle/types.d.ts +52 -0
package/dist/engine/lifecycle/types.js +7 -0
package/dist/engine/rule-toggle-cli.d.ts +13 -0
package/dist/engine/rule-toggle-cli.js +76 -0
package/dist/forge/evidence-processor.js +10 -2
package/dist/hooks/context-guard.js +71 -0
package/dist/hooks/post-tool-use.js +62 -0
package/dist/hooks/pre-tool-use.js +57 -1
package/dist/hooks/secret-filter.d.ts +10 -0
package/dist/hooks/secret-filter.js +20 -0
package/dist/hooks/shared/atomic-write.d.ts +8 -1
package/dist/hooks/shared/atomic-write.js +17 -3
package/dist/hooks/shared/hook-response.d.ts +11 -0
package/dist/hooks/shared/hook-response.js +18 -0
package/dist/hooks/shared/safe-regex.d.ts +25 -0
package/dist/hooks/shared/safe-regex.js +50 -0
package/dist/hooks/shared/stop-triggers.d.ts +19 -0
package/dist/hooks/shared/stop-triggers.js +19 -0
package/dist/hooks/stop-guard.d.ts +84 -0
package/dist/hooks/stop-guard.js +482 -0
package/dist/mcp/tools.js +19 -2
package/dist/store/evidence-store.d.ts +15 -0
package/dist/store/evidence-store.js +50 -1
package/dist/store/rule-lifecycle.d.ts +23 -0
package/dist/store/rule-lifecycle.js +63 -0
package/dist/store/rule-store.d.ts +21 -0
package/dist/store/rule-store.js +128 -8
package/dist/store/types.d.ts +83 -0
package/dist/store/types.js +7 -1
package/hooks/hook-registry.json +1 -0
package/hooks/hooks.json +6 -1
package/package.json +10 -2
package/plugin.json +1 -1

package/dist/cli.js CHANGED Viewed

@@ -169,13 +169,141 @@ const commands = [
     // 수동 재설치: node scripts/postinstall.js
     {
         name: 'uninstall',
-        description: 'Remove forgen from settings [--force]',
+        description: 'Remove forgen from settings [--force] [--purge (also deletes ~/.forgen/)]',
         handler: async (args) => {
             const { handleUninstall } = await import('./core/uninstall.js');
-            await handleUninstall(process.cwd(), { force: args.includes('--force') });
+            await handleUninstall(process.cwd(), {
+                force: args.includes('--force'),
+                purge: args.includes('--purge'),
+            });
+        },
+    },
+    {
+        name: 'rule',
+        description: 'Rule management (list|suppress|activate|scan|health-scan|classify)',
+        handler: async (args) => {
+            await handleRuleNamespace(args);
+        },
+    },
+    {
+        name: 'classify-enforce',
+        aliases: ['rule-classify'],
+        description: '[alias: rule classify] Propose enforce_via for rules (ADR-001 migration).',
+        handler: async (args) => {
+            const { handleClassifyEnforce } = await import('./engine/classify-enforce-cli.js');
+            await handleClassifyEnforce(args);
+        },
+    },
+    {
+        name: 'rule-meta-scan',
+        description: '[alias: rule health-scan] Scan drift for stuck-loop events and demote Mech-A rules.',
+        handler: async (args) => {
+            const { handleRuleMetaScan } = await import('./engine/lifecycle/meta-cli.js');
+            await handleRuleMetaScan(args);
+        },
+    },
+    {
+        name: 'lifecycle-scan',
+        description: '[alias: rule scan] Run all rule lifecycle triggers (T1~T5 + Meta).',
+        handler: async (args) => {
+            const { handleLifecycleScan } = await import('./engine/lifecycle/lifecycle-cli.js');
+            await handleLifecycleScan(args);
+        },
+    },
+    {
+        name: 'stats',
+        description: 'One-screen dashboard: active rules, corrections, blocks/bypass/drift (7d).',
+        handler: async (args) => {
+            const { handleStats } = await import('./core/stats-cli.js');
+            await handleStats(args);
+        },
+    },
+    {
+        name: 'last-block',
+        description: 'Show the most recent Mech-A/B block event with rule detail (R6-UX2).',
+        handler: async (_args) => {
+            const { handleInspect } = await import('./core/inspect-cli.js');
+            await handleInspect(['violations', '--last', '1']);
+        },
+    },
+    {
+        name: 'suppress-rule',
+        description: '[alias: rule suppress] Disable a rule by id/prefix. Hard rules refused.',
+        handler: async (args) => {
+            const { handleSuppressRule } = await import('./engine/rule-toggle-cli.js');
+            await handleSuppressRule(args);
+        },
+    },
+    {
+        name: 'activate-rule',
+        description: '[alias: rule activate] Re-activate a suppressed rule by id/prefix.',
+        handler: async (args) => {
+            const { handleActivateRule } = await import('./engine/rule-toggle-cli.js');
+            await handleActivateRule(args);
         },
     },
 ];
+// ---------------------------------------------------------------------------
+// `forgen rule <subcommand>` — user-facing namespace (R9-IA1)
+// Thin dispatcher that routes to existing handlers. Top-level legacy commands
+// (suppress-rule, activate-rule, lifecycle-scan, rule-meta-scan, classify-enforce)
+// remain as backward-compatible aliases.
+// ---------------------------------------------------------------------------
+async function handleRuleNamespace(args) {
+    const sub = args[0];
+    const rest = args.slice(1);
+    if (!sub || sub === 'help' || sub === '--help' || sub === '-h') {
+        console.log(`
+  forgen rule — manage personalization rules
+  Usage:
+    forgen rule list                       List all rules (alias: inspect rules)
+    forgen rule suppress <id-or-prefix>    Disable a rule (hard rules refused)
+    forgen rule activate <id-or-prefix>    Re-activate a suppressed rule
+    forgen rule scan [--apply]             Run lifecycle triggers (promote/demote/retire)
+    forgen rule health-scan [--apply]      Scan drift → Mech downgrade candidates
+    forgen rule classify [--apply] [--force]
+                                           Propose enforce_via for legacy rules
+`);
+        return;
+    }
+    switch (sub) {
+        case 'list': {
+            const { handleInspect } = await import('./core/inspect-cli.js');
+            await handleInspect(['rules', ...rest]);
+            return;
+        }
+        case 'suppress': {
+            const { handleSuppressRule } = await import('./engine/rule-toggle-cli.js');
+            await handleSuppressRule(rest);
+            return;
+        }
+        case 'activate': {
+            const { handleActivateRule } = await import('./engine/rule-toggle-cli.js');
+            await handleActivateRule(rest);
+            return;
+        }
+        case 'scan': {
+            const { handleLifecycleScan } = await import('./engine/lifecycle/lifecycle-cli.js');
+            await handleLifecycleScan(rest);
+            return;
+        }
+        case 'health-scan': {
+            const { handleRuleMetaScan } = await import('./engine/lifecycle/meta-cli.js');
+            await handleRuleMetaScan(rest);
+            return;
+        }
+        case 'classify': {
+            const { handleClassifyEnforce } = await import('./engine/classify-enforce-cli.js');
+            await handleClassifyEnforce(rest);
+            return;
+        }
+        default: {
+            console.error(`[forgen] Unknown rule subcommand: ${sub}\n  Run "forgen rule help" for options.`);
+            process.exit(1);
+        }
+    }
+}
 /** 최소 편집 거리 (유사 명령 제안용) */
 function levenshtein(a, b) {
     const m = a.length, n = b.length;
@@ -298,8 +426,12 @@ function printHelp() {
   Commands:
     forgen forge                    Personalize your coding profile
     forgen onboarding               Run 2-question onboarding
-    forgen inspect [profile|rules|evidence|session]
-                                    Inspect v1 state
+    forgen inspect [profile|rules|corrections|session]
+                                    Inspect v1 state (alias: evidence → corrections)
+    forgen rule <list|suppress|activate|scan|health-scan|classify>
+                                    Rule management (see: forgen rule help)
+    forgen stats                    One-screen trust-layer dashboard
+    forgen last-block               Show the most recent block event
     forgen compound                 Manage accumulated knowledge
     forgen dashboard                Compound system dashboard
     forgen me                       Personal dashboard
@@ -308,7 +440,7 @@ function printHelp() {
     forgen mcp                      MCP server management
     forgen skill promote|list       Skill management
     forgen notepad show|add|clear   Session notepad
-    forgen doctor                   System diagnostics
+    forgen doctor [--prune-state]   System diagnostics (+ daily T4 decay on prune)
     forgen uninstall                Remove forgen
   Harness mode (default):

package/dist/core/auto-compound-runner.js CHANGED Viewed

@@ -14,6 +14,7 @@ import * as path from 'node:path';
 import * as os from 'node:os';
 import { execFileSync } from 'node:child_process';
 import { containsPromptInjection, filterSolutionContent } from '../hooks/prompt-injection-filter.js';
+import { redactSecrets } from '../hooks/secret-filter.js';
 import { createEvidence, saveEvidence, promoteSessionCandidates } from '../store/evidence-store.js';
 import { loadProfile } from '../store/profile-store.js';
 /** Auto-compound에 사용할 모델 — background 추출이므로 haiku로 충분 */
@@ -212,9 +213,16 @@ function mergeOrCreateBehavior(dir, newContent, kind, today) {
     return false;
 }
 try {
-    const summary = extractSummary(transcriptPath);
-    if (summary.length < 200)
+    const rawSummary = extractSummary(transcriptPath);
+    if (rawSummary.length < 200)
         process.exit(0);
+    // R5-G2 (P0 security): transcript 를 Claude 로 송신하기 전 API key / 토큰 / 비밀번호 /
+    // private key blocks 를 [REDACTED:...] 로 치환. 사용자가 채팅에 pasted 한 자격증명이
+    // auto-compound 를 통해 외부 API 로 누출되는 채널 차단.
+    const { redacted: summary, hits: secretHits } = redactSecrets(rawSummary);
+    if (secretHits.length > 0) {
+        process.stderr.write(`[forgen-auto-compound] redacted ${secretHits.length} secret(s) before send: ${secretHits.map((s) => s.name).join(', ')}\n`);
+    }
     // 보안: 프롬프트 인젝션이 포함된 transcript는 분석하지 않음
     if (containsPromptInjection(summary)) {
         process.exit(0);

package/dist/core/doctor.js CHANGED Viewed

@@ -2,15 +2,24 @@ import * as fs from 'node:fs';
 import * as os from 'node:os';
 import * as path from 'node:path';
 import { execFileSync } from 'node:child_process';
-import { FORGEN_HOME, LAB_DIR, ME_BEHAVIOR, ME_DIR, ME_PHILOSOPHY, ME_SOLUTIONS, ME_RULES, ME_SKILLS, PACKS_DIR, SESSIONS_DIR, STATE_DIR } from './paths.js';
+import { FORGEN_HOME, LAB_DIR, ME_BEHAVIOR, ME_DIR, ME_SOLUTIONS, ME_RULES, ME_SKILLS, PACKS_DIR, SESSIONS_DIR, STATE_DIR } from './paths.js';
 import { getTimingStats } from '../hooks/shared/hook-timing.js';
 import { countSessionScopedFiles, pruneState } from './state-gc.js';
 /** ~/.claude/projects/ — Claude Code 세션 저장 경로 */
 const CLAUDE_PROJECTS_DIR = path.join(os.homedir(), '.claude', 'projects');
+let currentSection = '';
+let failedChecks = [];
+function section(name) {
+    currentSection = name;
+    console.log(`  [${name}]`);
+}
 function check(label, condition, hint) {
     const icon = condition ? '✓' : '✗';
     const hintStr = !condition && hint ? ` — ${hint}` : '';
     console.log(`  ${icon} ${label}${hintStr}`);
+    if (!condition) {
+        failedChecks.push({ section: currentSection, label, hint });
+    }
 }
 function exists(p) {
     return fs.existsSync(p);
@@ -26,14 +35,15 @@ function commandExists(cmd) {
     }
 }
 export async function runDoctor(opts = {}) {
+    failedChecks = [];
     console.log('\n  Forgen — Diagnostics\n');
-    console.log('  [Tools]');
+    section('Tools');
     check('claude CLI', commandExists('claude'));
     check('tmux', commandExists('tmux'));
     check('git', commandExists('git'));
     check('gh (GitHub CLI)', commandExists('gh'), 'Required for team PR features: brew install gh');
     console.log();
-    console.log('  [Plugins]');
+    section('Plugins');
     const ralphLoopInstalled = exists(path.join(os.homedir(), '.claude', 'plugins', 'cache', 'claude-plugins-official', 'ralph-loop'));
     check('ralph-loop plugin', ralphLoopInstalled, 'Required for ralph mode auto-iteration. Install: claude plugins install ralph-loop');
     // forgen 플러그인 캐시 디렉토리 확인 — 훅 실행의 필수 전제
@@ -68,7 +78,7 @@ export async function runDoctor(opts = {}) {
     }
     check('forgen plugin registered & installPath exists', pluginRegistered, 'Plugin registered but installPath missing on disk. Fix: npm run build && node scripts/postinstall.js');
     console.log();
-    console.log('  [Directories]');
+    section('Directories');
     check('~/.forgen/', exists(FORGEN_HOME));
     check('~/.forgen/me/', exists(ME_DIR));
     check('~/.forgen/me/solutions/', exists(ME_SOLUTIONS));
@@ -76,13 +86,24 @@ export async function runDoctor(opts = {}) {
     check('~/.forgen/me/rules/', exists(ME_RULES));
     check('~/.forgen/packs/', exists(PACKS_DIR));
     check('~/.forgen/sessions/', exists(SESSIONS_DIR));
+    // R9-IA5: warn if a user dropped rule files at ~/.forgen/rules/ by mistake.
+    // That path is NOT loaded — personal rules live at ~/.forgen/me/rules/.
+    const legacyRulesPath = path.join(FORGEN_HOME, 'rules');
+    if (exists(legacyRulesPath) && legacyRulesPath !== ME_RULES) {
+        try {
+            const files = fs.readdirSync(legacyRulesPath).filter((f) => f.endsWith('.json'));
+            if (files.length > 0) {
+                check(`~/.forgen/rules/ (${files.length} orphan file(s))`, false, `This path is NOT loaded. Move files to ~/.forgen/me/rules/ or delete them.`);
+            }
+        }
+        catch {
+            // permission / symlink issue — diagnostics must not crash
+        }
+    }
     console.log();
-    console.log('  [Philosophy]');
-    check('philosophy.json', exists(ME_PHILOSOPHY));
-    console.log();
-    console.log('  [Environment]');
-    check('Inside tmux session', !!process.env.TMUX);
-    check('FORGEN_HARNESS env var', (process.env.FORGEN_HARNESS ?? process.env.COMPOUND_HARNESS) === '1');
+    section('Environment');
+    check('Inside tmux session', !!process.env.TMUX, 'FORGEN auto-compound relies on tmux. Launch: tmux new -s forgen');
+    check('FORGEN_HARNESS env var', (process.env.FORGEN_HARNESS ?? process.env.COMPOUND_HARNESS) === '1', 'Set by `forgen` / `fgx` launcher. Hooks assume harness mode is active.');
     console.log();
     // 솔루션/규칙 수
     if (exists(ME_SOLUTIONS)) {
@@ -323,6 +344,15 @@ export async function runDoctor(opts = {}) {
         const report = pruneState({ dryRun: false });
         const mb = (report.bytesFreed / 1024 / 1024).toFixed(2);
         console.log(`  → Pruned ${report.pruned}/${report.scanned} files (${mb} MB freed, >${report.retentionDays}d old)`);
+        // ADR-002 T4 — 90d 미주입 rule retire. pruneState 와 함께 "하루 한번 정돈" 의미 공유.
+        try {
+            const { runDailyT4Decay } = await import('./state-gc.js');
+            const t4 = await runDailyT4Decay({ dryRun: false });
+            if (t4.retired > 0) {
+                console.log(`  → Retired ${t4.retired} rule(s) (T4 time-decay): ${t4.sample.join(', ')}`);
+            }
+        }
+        catch { /* fail-open */ }
     }
     console.log();
     // 현재 디렉토리 git 정보
@@ -336,4 +366,28 @@ export async function runDoctor(opts = {}) {
         console.log('  git remote: (none)');
     }
     console.log();
+    // [Summary] — 최종 상태 요약과 복구 액션을 한눈에 보이게
+    console.log('  [Summary]');
+    if (failedChecks.length === 0) {
+        console.log('  ✓ All diagnostics passed. Forgen is ready.');
+    }
+    else {
+        console.log(`  ✗ ${failedChecks.length} check(s) failed:\n`);
+        const bySection = new Map();
+        for (const f of failedChecks) {
+            if (!bySection.has(f.section))
+                bySection.set(f.section, []);
+            bySection.get(f.section).push(f);
+        }
+        for (const [sec, items] of bySection) {
+            console.log(`    [${sec}]`);
+            for (const item of items) {
+                console.log(`      • ${item.label}`);
+                if (item.hint)
+                    console.log(`        → ${item.hint}`);
+            }
+        }
+        console.log('\n  Run `forgen doctor` again after applying the fixes above.');
+    }
+    console.log();
 }

package/dist/core/inspect-cli.js CHANGED Viewed

@@ -5,6 +5,7 @@
  * Authoritative: docs/plans/2026-04-03-forgen-rule-renderer-spec.md §6
  */
 import * as fs from 'node:fs';
+import * as os from 'node:os';
 import * as path from 'node:path';
 import { loadProfile } from '../store/profile-store.js';
 import { loadAllRules, loadActiveRules } from '../store/rule-store.js';
@@ -78,7 +79,8 @@ export async function handleInspect(args) {
         console.log('\n' + inspect.renderRules(rules) + '\n');
         return;
     }
-    if (sub === 'evidence') {
+    // R9-IA2: user-facing name is "corrections"; "evidence" kept as back-compat alias.
+    if (sub === 'corrections' || sub === 'evidence') {
         const evidence = loadRecentEvidence(20);
         console.log('\n' + inspect.renderEvidence(evidence) + '\n');
         return;
@@ -92,9 +94,67 @@ export async function handleInspect(args) {
         console.log('\n' + inspect.renderSession(sessions[0]) + '\n');
         return;
     }
+    // R5-G1: 2AM 디버깅용 jsonl tail — violations/bypass/drift
+    if (sub === 'violations' || sub === 'bypass' || sub === 'drift') {
+        const limit = Number(args[args.indexOf('--last') + 1]) || 20;
+        const fileMap = {
+            violations: 'violations.jsonl',
+            bypass: 'bypass.jsonl',
+            drift: 'drift.jsonl',
+        };
+        const p = path.join(os.homedir(), '.forgen', 'state', 'enforcement', fileMap[sub]);
+        if (!fs.existsSync(p)) {
+            console.log(`\n  No ${sub} data (${p} not found).\n`);
+            return;
+        }
+        const lines = fs.readFileSync(p, 'utf-8').trim().split('\n').filter(Boolean);
+        const tail = lines.slice(-limit);
+        console.log(`\n  ${sub} (last ${tail.length} of ${lines.length}):`);
+        // rule_id별 집계
+        const byRule = new Map();
+        for (const line of lines) {
+            try {
+                const entry = JSON.parse(line);
+                const rid = entry.rule_id ?? 'unknown';
+                byRule.set(rid, (byRule.get(rid) ?? 0) + 1);
+            }
+            catch { /* skip malformed */ }
+        }
+        if (byRule.size > 0) {
+            console.log('  Aggregate (rule_id → count):');
+            for (const [rid, count] of [...byRule.entries()].sort((a, b) => b[1] - a[1]).slice(0, 10)) {
+                console.log(`    ${rid.slice(0, 24).padEnd(24)} ${count}`);
+            }
+        }
+        // R7-U3: rule_id 전체 표시 + kind + source 분리 + resolve hint footer.
+        console.log('\n  Recent (time — rule_id — kind@source — preview):');
+        for (const line of tail) {
+            try {
+                const e = JSON.parse(line);
+                const when = (e.at ?? '').slice(0, 19);
+                const rid = (e.rule_id ?? '-').slice(0, 24); // 8자→24자 (prefix match 가능 길이)
+                const kind = (e.kind ?? '-');
+                const source = (e.source ?? '-');
+                const preview = (e.message_preview ?? e.reason_preview ?? e.pattern_preview ?? '').slice(0, 60);
+                console.log(`    ${when}  ${rid.padEnd(24)}  ${String(kind).padEnd(10)}@${String(source).padEnd(14)}  ${preview}`);
+            }
+            catch { /* skip */ }
+        }
+        console.log('');
+        // R7-U3 footer: resolve hint
+        console.log('  Resolve:');
+        console.log('    Disable a rule:   forgen suppress-rule <rule_id>');
+        console.log('    Re-enable:        forgen activate-rule <rule_id>');
+        console.log('    Temp bypass turn: set FORGEN_USER_CONFIRMED=1 (audited)');
+        console.log('');
+        return;
+    }
     console.log(`  Usage:
-    forgen inspect profile   — 현재 profile 상태
-    forgen inspect rules     — active/suppressed 규칙 목록
-    forgen inspect evidence  — 최근 evidence 목록
-    forgen inspect session   — 현재/최근 세션 상태`);
+    forgen inspect profile               — 현재 profile 상태
+    forgen inspect rules                 — active/suppressed 규칙 목록
+    forgen inspect corrections           — 최근 corrections / behavior 기록 (alias: evidence)
+    forgen inspect session               — 현재/최근 세션 상태
+    forgen inspect violations [--last N] — 최근 block 기록
+    forgen inspect bypass     [--last N] — 사용자 우회 기록
+    forgen inspect drift      [--last N] — stuck-loop force-approve 기록`);
 }

package/dist/core/state-gc.d.ts CHANGED Viewed

@@ -23,6 +23,25 @@ export interface PruneOptions {
  * deletion via `dryRun: false`.
  */
 export declare function pruneState(opts?: PruneOptions): PruneReport;
+/**
+ * ADR-002 T4 — daily rule decay scanner.
+ *
+ * `~/.forgen/me/rules` 전체를 훑어 `last_inject_at < now - decay_days` 인 active rule 을
+ * retire phase 로 전이시킨다. 실제 파일 삭제가 아니라 status='removed' + phase='retired'.
+ *
+ * 호출 지점: `forgen doctor --prune-state` 또는 `forgen lifecycle-scan --apply` 그리고
+ * 별도 cron/CI scheduler 에서도 호출 가능. dryRun=true 기본.
+ */
+export declare function runDailyT4Decay(opts?: {
+    decayDays?: number;
+    dryRun?: boolean;
+    now?: number;
+}): Promise<{
+    scanned: number;
+    retired: number;
+    sample: string[];
+    dryRun: boolean;
+}>;
 /**
  * Count session-scoped files in STATE_DIR without deleting. Used by doctor
  * to surface a warning when the directory is bloated.

package/dist/core/state-gc.js CHANGED Viewed

@@ -94,15 +94,59 @@ export function pruneState(opts = {}) {
     // outcomes/*.jsonl: one file per session, session-scoped by design.
     // These compound over time exactly like state session files.
     const outcomes = pruneDir(outcomesDir, cutoff, dryRun, (n) => n.endsWith('.jsonl'));
+    // ADR-002 block-count directory — session-scoped per rule. F-M block-count GC.
+    const blockCountDir = path.join(stateDir, 'enforcement', 'block-count');
+    const blockCounters = pruneDir(blockCountDir, cutoff, dryRun, (n) => n.endsWith('.json'));
     return {
-        scanned: state.scanned + outcomes.scanned,
-        pruned: state.pruned + outcomes.pruned,
-        bytesFreed: state.bytes + outcomes.bytes,
+        scanned: state.scanned + outcomes.scanned + blockCounters.scanned,
+        pruned: state.pruned + outcomes.pruned + blockCounters.pruned,
+        bytesFreed: state.bytes + outcomes.bytes + blockCounters.bytes,
         retentionDays: Math.round(retentionMs / (24 * 60 * 60 * 1000)),
         dryRun,
-        sample: [...state.sample, ...outcomes.sample].slice(0, 20),
+        sample: [...state.sample, ...outcomes.sample, ...blockCounters.sample].slice(0, 20),
     };
 }
+/**
+ * ADR-002 T4 — daily rule decay scanner.
+ *
+ * `~/.forgen/me/rules` 전체를 훑어 `last_inject_at < now - decay_days` 인 active rule 을
+ * retire phase 로 전이시킨다. 실제 파일 삭제가 아니라 status='removed' + phase='retired'.
+ *
+ * 호출 지점: `forgen doctor --prune-state` 또는 `forgen lifecycle-scan --apply` 그리고
+ * 별도 cron/CI scheduler 에서도 호출 가능. dryRun=true 기본.
+ */
+export async function runDailyT4Decay(opts = {}) {
+    const decayDays = opts.decayDays ?? 90;
+    const dryRun = opts.dryRun ?? true;
+    const now = opts.now ?? Date.now();
+    try {
+        const [{ loadAllRules, saveRule }, { detect: detectT4 }, { collectAllSignals }, { appendLifecycleEvents }, { foldEvents }] = await Promise.all([
+            import('../store/rule-store.js'),
+            import('../engine/lifecycle/trigger-t4-decay.js'),
+            import('../engine/lifecycle/signals.js'),
+            import('../engine/lifecycle/meta-reclassifier.js'),
+            import('../engine/lifecycle/orchestrator.js'),
+        ]);
+        const rules = loadAllRules();
+        const signals = collectAllSignals(rules, { now });
+        const events = detectT4({ rules, signals, decay_days: decayDays, ts: now });
+        const report = { scanned: rules.length, retired: events.length, sample: events.map((e) => e.rule_id.slice(0, 8)), dryRun };
+        if (!dryRun && events.length > 0) {
+            const folded = foldEvents(rules, events, now);
+            for (const [id, updated] of folded.entries()) {
+                const original = rules.find((r) => r.rule_id === id);
+                if (!original || updated === original)
+                    continue;
+                saveRule(updated);
+            }
+            appendLifecycleEvents(events, now);
+        }
+        return report;
+    }
+    catch {
+        return { scanned: 0, retired: 0, sample: [], dryRun };
+    }
+}
 /**
  * Count session-scoped files in STATE_DIR without deleting. Used by doctor
  * to surface a warning when the directory is bloated.

package/dist/core/stats-cli.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+export interface StatsSnapshot {
+    activeRules: number;
+    suppressedRules: number;
+    correctionsTotal: number;
+    corrections7d: number;
+    blocks7d: number;
+    acks7d: number;
+    bypass7d: number;
+    drift7d: number;
+    retired7d: number;
+    lastExtraction: string;
+}
+export declare function computeStats(): StatsSnapshot;
+export declare function renderStats(s: StatsSnapshot): string;
+export declare function handleStats(_args: string[]): Promise<void>;

package/dist/core/stats-cli.js ADDED Viewed

@@ -0,0 +1,143 @@
+/**
+ * R9-PA1: `forgen stats` — 7-number single-screen dashboard.
+ *
+ * Pure aggregation over existing jsonl sources. No new telemetry; surfaces
+ * what forgen is *already* learning so users can verify the trust layer is
+ * working between Claude sessions.
+ */
+import * as fs from 'node:fs';
+import * as os from 'node:os';
+import * as path from 'node:path';
+import { loadAllRules } from '../store/rule-store.js';
+import { loadRecentEvidence } from '../store/evidence-store.js';
+const ENFORCEMENT_DIR = path.join(os.homedir(), '.forgen', 'state', 'enforcement');
+const LIFECYCLE_DIR = path.join(os.homedir(), '.forgen', 'state', 'lifecycle');
+const STATE_DIR = path.join(os.homedir(), '.forgen', 'state');
+const MS_PER_DAY = 24 * 60 * 60 * 1000;
+function readJsonl(p) {
+    if (!fs.existsSync(p))
+        return [];
+    const out = [];
+    for (const line of fs.readFileSync(p, 'utf-8').split('\n')) {
+        if (!line.trim())
+            continue;
+        try {
+            out.push(JSON.parse(line));
+        }
+        catch { /* skip malformed */ }
+    }
+    return out;
+}
+function countWithin(entries, days, tsKey = 'at') {
+    const cutoff = Date.now() - days * MS_PER_DAY;
+    let n = 0;
+    for (const e of entries) {
+        const raw = e[tsKey];
+        if (typeof raw !== 'string')
+            continue;
+        const t = Date.parse(raw);
+        if (Number.isFinite(t) && t >= cutoff)
+            n += 1;
+    }
+    return n;
+}
+function readLifecycleRetired(days) {
+    if (!fs.existsSync(LIFECYCLE_DIR))
+        return 0;
+    const cutoff = Date.now() - days * MS_PER_DAY;
+    let n = 0;
+    for (const f of fs.readdirSync(LIFECYCLE_DIR)) {
+        if (!f.endsWith('.jsonl'))
+            continue;
+        for (const entry of readJsonl(path.join(LIFECYCLE_DIR, f))) {
+            const action = entry.suggested_action;
+            const ts = typeof entry.ts === 'number' ? entry.ts : Date.parse(String(entry.ts ?? ''));
+            if (!Number.isFinite(ts) || ts < cutoff)
+                continue;
+            if (action === 'retire' || action === 'supersede')
+                n += 1;
+        }
+    }
+    return n;
+}
+function readLastExtraction() {
+    const p = path.join(STATE_DIR, 'last-extraction.json');
+    if (!fs.existsSync(p))
+        return 'never';
+    try {
+        const data = JSON.parse(fs.readFileSync(p, 'utf-8'));
+        const ts = data.timestamp ?? data.date;
+        if (!ts)
+            return 'never';
+        const diffDays = Math.floor((Date.now() - Date.parse(ts)) / MS_PER_DAY);
+        const dateStr = new Date(ts).toISOString().slice(0, 10);
+        if (diffDays === 0)
+            return `${dateStr} (today)`;
+        if (diffDays === 1)
+            return `${dateStr} (yesterday)`;
+        return `${dateStr} (${diffDays}d ago)`;
+    }
+    catch {
+        return 'unknown';
+    }
+}
+export function computeStats() {
+    const rules = loadAllRules();
+    const activeRules = rules.filter((r) => r.status === 'active').length;
+    const suppressedRules = rules.filter((r) => r.status === 'suppressed').length;
+    const evidence = loadRecentEvidence(500);
+    const corrections = evidence.filter((e) => e.type === 'explicit_correction');
+    const correctionsTotal = corrections.length;
+    const cutoff7d = Date.now() - 7 * MS_PER_DAY;
+    const corrections7d = corrections.filter((e) => Date.parse(e.timestamp) >= cutoff7d).length;
+    const violations = readJsonl(path.join(ENFORCEMENT_DIR, 'violations.jsonl'));
+    const bypass = readJsonl(path.join(ENFORCEMENT_DIR, 'bypass.jsonl'));
+    const drift = readJsonl(path.join(ENFORCEMENT_DIR, 'drift.jsonl'));
+    const acks = readJsonl(path.join(ENFORCEMENT_DIR, 'acknowledgments.jsonl'));
+    // R9-PA2: violations 는 'block' (stop-guard/post-tool) + 'deny' (pre-tool Mech-A)
+    // + 'correction' (user bypass audit) 혼재. 사용자 관점에서 "Block" 은 앞의 2종이며
+    // correction 은 제외해야 ack ratio 가 의미를 갖는다. legacy-undefined 엔트리도 포함.
+    const realBlocks = violations.filter((e) => e.kind === 'block' || e.kind === 'deny' || e.kind === undefined);
+    return {
+        activeRules,
+        suppressedRules,
+        correctionsTotal,
+        corrections7d,
+        blocks7d: countWithin(realBlocks, 7),
+        acks7d: countWithin(acks, 7),
+        bypass7d: countWithin(bypass, 7),
+        drift7d: countWithin(drift, 7),
+        retired7d: readLifecycleRetired(7),
+        lastExtraction: readLastExtraction(),
+    };
+}
+function padNum(n, width = 4) {
+    return String(n).padStart(width);
+}
+export function renderStats(s) {
+    const lines = [];
+    lines.push('');
+    lines.push('  forgen — trust layer status');
+    lines.push('  ───────────────────────────');
+    lines.push(`  Active rules          ${padNum(s.activeRules)}    (${s.suppressedRules} suppressed)`);
+    lines.push(`  Corrections (total)   ${padNum(s.correctionsTotal)}    (+${s.corrections7d} last 7d)`);
+    lines.push('');
+    lines.push('  Last 7 days');
+    // R9-PA2: ack rate = block→retract→pass 루프가 실제 작동한 비율.
+    const ackRateLabel = s.blocks7d > 0
+        ? `(${Math.round((s.acks7d / s.blocks7d) * 100)}% acknowledged)`
+        : '';
+    lines.push(`    Blocks              ${padNum(s.blocks7d)}    — times Claude was asked to retract ${ackRateLabel}`);
+    lines.push(`    Acknowledgments     ${padNum(s.acks7d)}    — block → retract → pass loops`);
+    lines.push(`    Bypass              ${padNum(s.bypass7d)}    — user overrides`);
+    lines.push(`    Drift events        ${padNum(s.drift7d)}    — stuck-loop force-approves`);
+    lines.push(`    Retired rules       ${padNum(s.retired7d)}    — superseded or timed out`);
+    lines.push('');
+    lines.push(`  Last extraction: ${s.lastExtraction}`);
+    lines.push('');
+    return lines.join('\n');
+}
+export async function handleStats(_args) {
+    const snap = computeStats();
+    console.log(renderStats(snap));
+}

package/dist/core/uninstall.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 /** forgen uninstall 메인 */
 export declare function handleUninstall(cwd: string, options: {
     force?: boolean;
+    purge?: boolean;
 }): Promise<void>;