@xera-ai/core 0.1.6 → 0.3.0

package/dist/bin/internal.js

@@ -1,241 +1,1254 @@
 #!/usr/bin/env bun
 // @bun
 
-// src/bin-internal/fetch.ts
-import { writeFileSync as writeFileSync3, mkdirSync as mkdirSync3 } from "fs";
-import { dirname as dirname2 } from "path";
+// src/bin-internal/doctor.ts
+import { existsSync as existsSync2, readFileSync as readFileSync2, readdirSync } from "fs";
+import { join as join2 } from "path";
 
-// src/config/load.ts
-import { existsSync } from "fs";
+// src/bin-internal/verify-prompts.ts
+import { existsSync, readFileSync } from "fs";
 import { join } from "path";
-import { pathToFileURL } from "url";
+var IN_SCOPE_PROMPTS = [
+  "feature-from-story.md",
+  "script-from-feature.md",
+  "heal-locator.md"
+];
+var REQUIRED_SECTION_HEADING = "## Handling untrusted input";
+var REQUIRED_KEYWORDS = ["UNTRUSTED", "injection-follow", "<XR_"];
+function verifyPrompts(repoRoot) {
+  const promptsDir = join(repoRoot, "packages/prompts");
+  const results = [];
+  for (const filename of IN_SCOPE_PROMPTS) {
+    const path = join(promptsDir, filename);
+    if (!existsSync(path)) {
+      results.push({
+        ok: false,
+        message: `${filename}: file missing at packages/prompts/${filename}`
+      });
+      continue;
+    }
+    const text = readFileSync(path, "utf8");
+    if (!text.includes(REQUIRED_SECTION_HEADING)) {
+      results.push({
+        ok: false,
+        message: `${filename}: missing required section "${REQUIRED_SECTION_HEADING}"`
+      });
+      continue;
+    }
+    for (const keyword of REQUIRED_KEYWORDS) {
+      if (!text.includes(keyword)) {
+        results.push({
+          ok: false,
+          message: `${filename}: missing required keyword "${keyword}" (expected in "${REQUIRED_SECTION_HEADING}" section)`
+        });
+      }
+    }
+  }
+  return results;
+}
+async function verifyPromptsCmd(_argv) {
+  const results = verifyPrompts(process.cwd());
+  if (results.length === 0) {
+    console.log("[xera:verify-prompts] ok");
+    return 0;
+  }
+  for (const r of results)
+    console.error(`[xera:verify-prompts] ${r.message}`);
+  return 1;
+}
 
-// src/config/schema.ts
+// src/bin-internal/doctor.ts
+var REQUIRED_FILES_PER_STAGE = {
+  "feature-from-story": ["golden/test.feature"],
+  "script-from-feature": ["golden/spec-requirements.md"],
+  "diagnose-failure": []
+};
+var REQUIRED_SCRIPTS = [
+  "xera:eval-prepare",
+  "xera:eval-deterministic",
+  "xera:eval-report",
+  "xera:verify-prompts",
+  "xera:doctor"
+];
+function frontmatterField(content, field) {
+  const m = content.match(new RegExp(`^${field}:\\s*(\\S+)\\s*$`, "m"));
+  return m?.[1] ?? null;
+}
+function checkGoldenEvalDir(repoRoot) {
+  const root = join2(repoRoot, "fixtures/golden-eval");
+  if (!existsSync2(root))
+    return [{ ok: false, message: "fixtures/golden-eval/ does not exist" }];
+  const dirs = readdirSync(root, { withFileTypes: true }).filter((e) => e.isDirectory() && !e.name.startsWith("."));
+  const results = [];
+  if (dirs.length < 3) {
+    results.push({
+      ok: false,
+      message: `fixtures/golden-eval/ has ${dirs.length} ticket dir(s); need \u2265 3`
+    });
+  }
+  for (const entry of dirs) {
+    const dir = join2(root, entry.name);
+    const metaPath = join2(dir, "meta.json");
+    if (!existsSync2(metaPath)) {
+      results.push({ ok: false, message: `${entry.name}: meta.json missing` });
+      continue;
+    }
+    let meta;
+    try {
+      meta = JSON.parse(readFileSync2(metaPath, "utf8"));
+    } catch (err) {
+      results.push({
+        ok: false,
+        message: `${entry.name}: meta.json parse error: ${err.message}`
+      });
+      continue;
+    }
+    const stages = Array.isArray(meta.stages) ? meta.stages : [];
+    if (stages.length === 0)
+      results.push({ ok: false, message: `${entry.name}: meta.stages is empty` });
+    if (!existsSync2(join2(dir, "story.md")))
+      results.push({ ok: false, message: `${entry.name}: story.md missing` });
+    for (const stage of stages) {
+      const required = REQUIRED_FILES_PER_STAGE[stage] ?? [];
+      for (const rel of required) {
+        if (!existsSync2(join2(dir, rel))) {
+          results.push({
+            ok: false,
+            message: `${meta.id ?? entry.name}: stage "${stage}" declared but ${rel} missing`
+          });
+        }
+      }
+    }
+  }
+  return results;
+}
+function checkRubricPrompt(repoRoot) {
+  const path = join2(repoRoot, "packages/prompts/eval-rubric.md");
+  if (!existsSync2(path))
+    return [{ ok: false, message: "packages/prompts/eval-rubric.md missing" }];
+  const text = readFileSync2(path, "utf8");
+  const id = frontmatterField(text, "id");
+  const version = frontmatterField(text, "version");
+  if (id !== "eval-rubric")
+    return [{ ok: false, message: 'eval-rubric.md frontmatter "id" must be "eval-rubric"' }];
+  if (!version)
+    return [{ ok: false, message: 'eval-rubric.md frontmatter "version" missing' }];
+  return [];
+}
+function checkEvalSkill(repoRoot) {
+  const path = join2(repoRoot, "packages/skills/xera-eval.md");
+  if (!existsSync2(path))
+    return [{ ok: false, message: "packages/skills/xera-eval.md missing" }];
+  const text = readFileSync2(path, "utf8");
+  if (!frontmatterField(text, "name"))
+    return [{ ok: false, message: 'xera-eval.md frontmatter "name" missing' }];
+  return [];
+}
+function checkPromptInjectionPreamble(repoRoot) {
+  return verifyPrompts(repoRoot);
+}
+function checkRootScripts(repoRoot) {
+  const path = join2(repoRoot, "package.json");
+  if (!existsSync2(path))
+    return [{ ok: false, message: "root package.json missing" }];
+  const pkg = JSON.parse(readFileSync2(path, "utf8"));
+  const scripts = pkg.scripts ?? {};
+  const missing = REQUIRED_SCRIPTS.filter((s) => typeof scripts[s] !== "string");
+  return missing.map((s) => ({ ok: false, message: `root package.json missing script: ${s}` }));
+}
+async function doctorCmd(_argv, opts = {}) {
+  const repoRoot = opts.cwd ?? process.cwd();
+  const results = [
+    ...checkGoldenEvalDir(repoRoot),
+    ...checkRubricPrompt(repoRoot),
+    ...checkEvalSkill(repoRoot),
+    ...checkPromptInjectionPreamble(repoRoot),
+    ...checkRootScripts(repoRoot)
+  ];
+  if (results.length === 0) {
+    console.log("[xera:doctor] ok");
+    return 0;
+  }
+  for (const r of results)
+    console.error(`[xera:doctor] ${r.message}`);
+  return 1;
+}
+
+// src/bin-internal/eval-deterministic.ts
+import { existsSync as existsSync3, readFileSync as readFileSync3, writeFileSync } from "fs";
+import { join as join4 } from "path";
+import { validateGherkin } from "@xera-ai/web";
+
+// src/eval/paths.ts
+import { join as join3 } from "path";
+function resolveEvalPaths(cwd, runId) {
+  const root = join3(cwd, ".xera", "eval", runId);
+  return {
+    root,
+    manifest: join3(root, "manifest.json"),
+    lock: join3(root, ".lock"),
+    deterministicScores: join3(root, "deterministic-scores.json"),
+    judgeScores: join3(root, "judge-scores.json"),
+    report: join3(root, "report.md"),
+    summary: join3(root, "summary.json"),
+    inputsDir: join3(root, "inputs"),
+    actualDir: join3(root, "actual"),
+    ticketInputsDir: (ticket) => join3(root, "inputs", ticket),
+    ticketActualDir: (ticket) => join3(root, "actual", ticket)
+  };
+}
+
+// src/eval/types.ts
 import { z } from "zod";
-var AuthRoleSchema = z.object({
-  envEmail: z.string().min(1),
-  envPassword: z.string().min(1)
+var STAGES = ["feature-from-story", "script-from-feature", "diagnose-failure"];
+var StageSchema = z.enum(STAGES);
+var VerdictSchema = z.enum(["PASS", "FAIL", "NA"]);
+var PromptVersionsSchema = z.object({
+  "feature-from-story": z.string(),
+  "script-from-feature": z.string(),
+  "diagnose-failure": z.string(),
+  "eval-rubric": z.string()
 });
-var AuthSchema = z.object({
-  strategy: z.enum(["storageState", "apiToken", "none"]).default("none"),
-  ttl: z.string().default("8h"),
-  refreshBuffer: z.string().default("30m"),
-  setupScript: z.string().optional(),
-  roles: z.record(z.string(), AuthRoleSchema).default({})
+var ManifestSchema = z.object({
+  run_id: z.string(),
+  started_at: z.string(),
+  git_sha: z.string(),
+  tickets: z.array(z.string()).min(1),
+  stages: z.array(StageSchema).min(1),
+  ticket_stages: z.record(z.string(), z.array(StageSchema).min(1)),
+  prompt_versions: PromptVersionsSchema,
+  flags: z.object({
+    force: z.boolean(),
+    only_prompt: StageSchema.nullable(),
+    only_ticket: z.string().nullable(),
+    judge_only: z.boolean()
+  })
 });
-var WebSchema = z.object({
-  baseUrl: z.record(z.string(), z.string().url()).refine((m) => Object.keys(m).length > 0, {
-    message: "baseUrl must have at least one environment"
+var DimensionSchema = z.object({
+  name: z.string(),
+  verdict: VerdictSchema,
+  notes: z.string()
+});
+var JudgmentSchema = z.object({
+  stage: StageSchema,
+  ticket: z.string(),
+  dimensions: z.array(DimensionSchema).min(1)
+});
+var JudgeScoresSchema = z.object({
+  run_id: z.string(),
+  judgments: z.array(JudgmentSchema)
+});
+var DeterministicEntrySchema = z.object({
+  ticket: z.string(),
+  stage: StageSchema,
+  passed: z.boolean(),
+  checks: z.array(z.string()),
+  error: z.string().optional()
+});
+var DeterministicScoresSchema = z.object({
+  run_id: z.string(),
+  entries: z.array(DeterministicEntrySchema)
+});
+var ResultSchema = z.object({
+  ticket: z.string(),
+  stage: StageSchema,
+  deterministic: z.object({
+    passed: z.boolean(),
+    checks: z.array(z.string()),
+    error: z.string().optional()
   }),
-  defaultEnv: z.string(),
-  auth: AuthSchema.default({}),
-  testData: z.object({
-    users: z.record(z.string(), z.object({ fromAuth: z.string() })).default({})
-  }).default({ users: {} })
-}).refine((w) => w.baseUrl[w.defaultEnv] !== undefined, {
-  message: "defaultEnv must exist in baseUrl map",
-  path: ["defaultEnv"]
+  judge: z.object({
+    passed: z.boolean(),
+    dimensions: z.array(DimensionSchema),
+    score: z.number().min(0).max(1)
+  }).nullable(),
+  skipped: z.boolean().optional()
 });
-var JiraSchema = z.object({
-  baseUrl: z.string().url(),
-  projectKeys: z.array(z.string().min(1)).min(1),
-  fields: z.object({
-    story: z.string().min(1),
-    acceptanceCriteria: z.string().optional(),
-    attachments: z.string().default("attachment")
+var SummarySchema = z.object({
+  run_id: z.string(),
+  git_sha: z.string(),
+  prompt_versions: PromptVersionsSchema,
+  results: z.array(ResultSchema),
+  overall: z.object({
+    passed: z.number().int().nonnegative(),
+    failed: z.number().int().nonnegative(),
+    total: z.number().int().nonnegative(),
+    score: z.number().min(0).max(1)
   })
 });
-var AISchema = z.object({
-  livePageSnapshot: z.boolean().default(true),
-  confidenceThreshold: z.enum(["low", "medium", "high"]).default("medium"),
-  maxRetries: z.object({
-    typecheck: z.number().int().min(0).max(5).default(2),
-    lint: z.number().int().min(0).max(5).default(2),
-    validateFeature: z.number().int().min(0).max(5).default(2)
-  }).default({})
-}).default({});
-var ReportingSchema = z.object({
-  language: z.enum(["en", "vi"]).default("en"),
-  postToJira: z.boolean().default(true),
-  transition: z.object({
-    onPass: z.string().nullable().default(null),
-    onFail: z.string().nullable().default(null)
-  }).default({}),
-  artifactLinks: z.enum(["git", "local"]).default("git")
-}).default({});
-var XeraConfigSchema = z.object({
-  jira: JiraSchema,
-  web: WebSchema,
-  ai: AISchema,
-  reporting: ReportingSchema,
-  adapters: z.array(z.string().min(1)).min(1).default(["web"])
-});
 
-// src/config/load.ts
-async function loadConfig(cwd) {
-  const path = join(cwd, "xera.config.ts");
-  if (!existsSync(path)) {
-    throw new Error(`xera.config.ts not found in ${cwd}`);
+// src/bin-internal/eval-deterministic.ts
+function checkFeatureFromStory(actualFeaturePath) {
+  if (!existsSync3(actualFeaturePath)) {
+    return { passed: false, checks: ["validate-feature"], error: "actual missing: test.feature" };
+  }
+  try {
+    const r = validateGherkin(readFileSync3(actualFeaturePath, "utf8"));
+    if (r.ok)
+      return { passed: true, checks: ["validate-feature"] };
+    return {
+      passed: false,
+      checks: ["validate-feature"],
+      error: r.errors.map((e) => `line ${e.line}: ${e.message}`).join("; ")
+    };
+  } catch (err) {
+    return { passed: false, checks: ["validate-feature"], error: err.message };
   }
-  const mod = await import(pathToFileURL(path).href);
-  const raw = mod.default ?? mod;
-  return XeraConfigSchema.parse(raw);
 }
-
-// src/artifact/paths.ts
-import { join as join2 } from "path";
-var TICKET_RE = /^[A-Z][A-Z0-9_]*-\d+$|^SAMPLE-\d+$/;
-function resolveArtifactPaths(repoRoot, ticket) {
-  if (!TICKET_RE.test(ticket)) {
-    throw new Error(`Invalid ticket key: "${ticket}" (expected e.g. JIRA-123 or SAMPLE-001)`);
+function checkScriptFromFeature(actualTicketDir) {
+  const specPath = join4(actualTicketDir, "spec.ts");
+  if (!existsSync3(specPath)) {
+    return { passed: false, checks: ["file-presence"], error: "actual missing: spec.ts" };
   }
-  const ticketDir = join2(repoRoot, ".xera", ticket);
-  return {
-    ticketDir,
-    storyPath: join2(ticketDir, "story.md"),
-    featurePath: join2(ticketDir, "test.feature"),
-    specPath: join2(ticketDir, "spec.ts"),
-    pageObjectsDir: join2(ticketDir, "page-objects"),
-    runsDir: join2(ticketDir, "runs"),
-    metaPath: join2(ticketDir, "meta.json"),
-    statusPath: join2(ticketDir, "status.json"),
-    logPath: join2(ticketDir, "xera.log"),
-    lockPath: join2(ticketDir, ".lock"),
-    authDir: join2(repoRoot, ".xera", ".auth"),
-    runPath: (runId) => {
-      const runDir = join2(ticketDir, "runs", runId);
-      return {
-        runDir,
-        reportJsonPath: join2(runDir, "report.json"),
-        tracePath: join2(runDir, "trace.zip"),
-        normalizedPath: join2(runDir, "normalized.json"),
-        screenshotsDir: join2(runDir, "screenshots"),
-        videoDir: join2(runDir, "videos")
-      };
+  return { passed: true, checks: ["file-presence"] };
+}
+function checkDiagnoseFailure(inputsTicketDir, actualTicketDir) {
+  const inputPath = join4(inputsTicketDir, "classifier-input.json");
+  const actualPath = join4(actualTicketDir, "classification.json");
+  if (!existsSync3(actualPath)) {
+    return {
+      passed: false,
+      checks: ["bucket-match"],
+      error: "actual missing: classification.json"
+    };
+  }
+  if (!existsSync3(inputPath)) {
+    return {
+      passed: false,
+      checks: ["bucket-match"],
+      error: "inputs missing: classifier-input.json"
+    };
+  }
+  const golden = JSON.parse(readFileSync3(inputPath, "utf8"));
+  const actual = JSON.parse(readFileSync3(actualPath, "utf8"));
+  const goldScens = golden.scenarios ?? [];
+  const actScens = actual.scenarios ?? [];
+  const mismatches = [];
+  for (const g of goldScens) {
+    const a = actScens.find((s) => s.name === g.name);
+    if (!a) {
+      mismatches.push(`missing scenario "${g.name}"`);
+      continue;
     }
-  };
+    if (a.class !== g.class)
+      mismatches.push(`scenario "${g.name}": expected class ${g.class}, got ${a.class}`);
+  }
+  if (mismatches.length > 0) {
+    return {
+      passed: false,
+      checks: ["bucket-match"],
+      error: `bucket mismatch \u2014 ${mismatches.join("; ")}`
+    };
+  }
+  return { passed: true, checks: ["bucket-match"] };
 }
-function generateRunId(now = new Date) {
-  return now.toISOString().replace(/[:.]/g, "-").replace("Z", "");
+async function evalDeterministicCmd(argv, opts = {}) {
+  const cwd = opts.cwd ?? process.cwd();
+  const runId = argv[0];
+  if (!runId) {
+    console.error("[xera:eval-deterministic] usage: eval-deterministic <run-id>");
+    return 1;
+  }
+  const paths = resolveEvalPaths(cwd, runId);
+  if (!existsSync3(paths.manifest)) {
+    console.error(`[xera:eval-deterministic] missing manifest.json at ${paths.manifest}`);
+    return 1;
+  }
+  const manifest = ManifestSchema.parse(JSON.parse(readFileSync3(paths.manifest, "utf8")));
+  const entries = [];
+  for (const [ticket, ticketStages] of Object.entries(manifest.ticket_stages)) {
+    for (const stage of ticketStages) {
+      const inputsDir = paths.ticketInputsDir(ticket);
+      const actualDir = paths.ticketActualDir(ticket);
+      let result;
+      if (stage === "feature-from-story") {
+        result = checkFeatureFromStory(join4(actualDir, "test.feature"));
+      } else if (stage === "script-from-feature") {
+        result = checkScriptFromFeature(actualDir);
+      } else {
+        result = checkDiagnoseFailure(inputsDir, actualDir);
+      }
+      const entry = {
+        ticket,
+        stage,
+        passed: result.passed,
+        checks: result.checks
+      };
+      if (result.error !== undefined)
+        entry.error = result.error;
+      entries.push(entry);
+    }
+  }
+  const scores = { run_id: runId, entries };
+  DeterministicScoresSchema.parse(scores);
+  writeFileSync(paths.deterministicScores, JSON.stringify(scores, null, 2));
+  console.log(`[xera:eval-deterministic] wrote ${entries.length} entries`);
+  return 0;
 }
 
-// src/artifact/hash.ts
-import { createHash } from "crypto";
-import { existsSync as existsSync2, readFileSync } from "fs";
-function hashString(s) {
-  return `sha256:${createHash("sha256").update(s).digest("hex")}`;
+// src/bin-internal/eval-prepare.ts
+import {
+  copyFileSync,
+  existsSync as existsSync5,
+  mkdirSync as mkdirSync2,
+  readFileSync as readFileSync5,
+  readdirSync as readdirSync2,
+  writeFileSync as writeFileSync3
+} from "fs";
+import { join as join5 } from "path";
+
+// src/eval/run-id.ts
+import { execSync } from "child_process";
+function defaultGetGitSha() {
+  try {
+    return execSync("git rev-parse HEAD", { stdio: ["ignore", "pipe", "ignore"] }).toString().trim();
+  } catch {
+    return null;
+  }
 }
-function hashFile(path) {
-  return hashString(readFileSync(path, "utf8"));
+function pad(n) {
+  return n.toString().padStart(2, "0");
 }
-function hashFileIfExists(path) {
-  if (!existsSync2(path))
-    return null;
-  return hashFile(path);
+function generateRunId(opts = {}) {
+  const getGitSha = opts.getGitSha ?? defaultGetGitSha;
+  const now = (opts.now ?? (() => new Date))();
+  const date = `${now.getUTCFullYear()}${pad(now.getUTCMonth() + 1)}${pad(now.getUTCDate())}`;
+  const time = `${pad(now.getUTCHours())}${pad(now.getUTCMinutes())}${pad(now.getUTCSeconds())}`;
+  const sha = getGitSha();
+  const short = sha ? sha.slice(0, 7) : "nogit";
+  return `${date}-${time}-${short}`;
 }
 
-// src/artifact/meta.ts
-import { existsSync as existsSync3, readFileSync as readFileSync2, writeFileSync, mkdirSync } from "fs";
+// src/lock/file-lock.ts
+import { existsSync as existsSync4, mkdirSync, readFileSync as readFileSync4, unlinkSync, writeFileSync as writeFileSync2 } from "fs";
+import { hostname } from "os";
 import { dirname } from "path";
-import { z as z2 } from "zod";
-var MetaJsonSchema = z2.object({
-  ticket: z2.string(),
-  adapter: z2.string(),
-  xera_version: z2.string(),
-  prompts_version: z2.string(),
-  fetched_at: z2.string().optional(),
-  story_hash: z2.string().optional(),
-  feature_generated_at: z2.string().optional(),
-  feature_generated_from_story_hash: z2.string().optional(),
-  feature_hash: z2.string().optional(),
-  script_generated_at: z2.string().optional(),
-  script_generated_from_feature_hash: z2.string().optional(),
-  script_warnings: z2.array(z2.string()).optional()
-});
-function readMeta(path) {
-  if (!existsSync3(path))
-    return null;
-  return MetaJsonSchema.parse(JSON.parse(readFileSync2(path, "utf8")));
-}
-function writeMeta(path, meta) {
+function acquireLock(path, runId) {
+  if (existsSync4(path))
+    return false;
   mkdirSync(dirname(path), { recursive: true });
-  writeFileSync(path, JSON.stringify(meta, null, 2));
+  const data = {
+    pid: process.pid,
+    hostname: hostname(),
+    started_at: new Date().toISOString(),
+    run_id: runId
+  };
+  try {
+    writeFileSync2(path, JSON.stringify(data), { flag: "wx" });
+    return true;
+  } catch {
+    return false;
+  }
 }
-function updateMeta(path, patch) {
-  const existing = readMeta(path);
-  if (!existing) {
-    throw new Error(`meta.json not found at ${path}; cannot update`);
+function releaseLock(path) {
+  if (existsSync4(path))
+    unlinkSync(path);
+}
+function readLock(path) {
+  if (!existsSync4(path))
+    return null;
+  return JSON.parse(readFileSync4(path, "utf8"));
+}
+function isLockStale(path) {
+  const lock = readLock(path);
+  if (!lock)
+    return true;
+  if (lock.hostname !== hostname()) {
+    return false;
   }
-  const next = { ...existing, ...patch };
-  writeMeta(path, next);
-  return next;
+  try {
+    process.kill(lock.pid, 0);
+    return false;
+  } catch {
+    return true;
+  }
+}
+function forceUnlock(path) {
+  releaseLock(path);
 }
 
-// src/jira/mcp-backend.ts
-import { existsSync as existsSync4, readFileSync as readFileSync3, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2 } from "fs";
-import { tmpdir } from "os";
-import { join as join3 } from "path";
-var MCP_ENV = "XERA_MCP_JIRA";
-async function createMcpBackend(_baseUrl) {
-  if (process.env[MCP_ENV] !== "1")
-    return null;
-  const tmpDir = join3(tmpdir(), "xera-mcp");
-  mkdirSync2(tmpDir, { recursive: true });
-  return {
-    backend: "mcp",
-    async fetchTicket(key, _fields) {
-      const cachePath = join3(tmpDir, `${key}.json`);
-      if (!existsSync4(cachePath)) {
-        throw new Error(`MCP-mode fetch requires the skill to first call mcp__atlassian__getJiraIssue and write ${cachePath}. ` + `If you are running this directly, unset ${MCP_ENV} to use REST.`);
+// src/bin-internal/eval-prepare.ts
+function parseFlags(argv) {
+  const flags = { force: false, only_prompt: null, only_ticket: null };
+  for (const arg of argv) {
+    if (arg === "--force")
+      flags.force = true;
+    else if (arg.startsWith("--prompt=")) {
+      const v = arg.slice("--prompt=".length);
+      if (!STAGES.includes(v)) {
+        return { error: `Unknown stage: ${v}. Valid: ${STAGES.join(", ")}.` };
       }
-      const parsed = JSON.parse(readFileSync3(cachePath, "utf8"));
-      return parsed;
-    },
-    async postComment(key, body) {
-      const outPath = join3(tmpDir, `${key}.comment.json`);
-      writeFileSync2(outPath, JSON.stringify({ key, body }));
-      return { id: "mcp-pending" };
-    },
-    async transitionStatus(key, statusName) {
-      const outPath = join3(tmpDir, `${key}.transition.json`);
-      writeFileSync2(outPath, JSON.stringify({ key, statusName }));
+      flags.only_prompt = v;
+    } else if (arg.startsWith("--ticket=")) {
+      flags.only_ticket = arg.slice("--ticket=".length);
+    } else {
+      return { error: `Unknown argument: ${arg}` };
+    }
+  }
+  return flags;
+}
+function readPromptVersion(repoRoot, name) {
+  const path = join5(repoRoot, "packages/prompts", `${name}.md`);
+  if (!existsSync5(path))
+    return "0.0.0";
+  const text = readFileSync5(path, "utf8");
+  const m = /^version:\s*(\S+)\s*$/m.exec(text);
+  return m?.[1] ?? "0.0.0";
+}
+function discoverEvalTickets(repoRoot) {
+  const root = join5(repoRoot, "fixtures/golden-eval");
+  if (!existsSync5(root))
+    return [];
+  const out = [];
+  for (const entry of readdirSync2(root, { withFileTypes: true })) {
+    if (!entry.isDirectory())
+      continue;
+    if (entry.name === "README.md" || entry.name.startsWith("."))
+      continue;
+    const dir = join5(root, entry.name);
+    const metaPath = join5(dir, "meta.json");
+    if (!existsSync5(metaPath))
+      continue;
+    const meta = JSON.parse(readFileSync5(metaPath, "utf8"));
+    out.push({ id: meta.id, dir, stages: meta.stages });
+  }
+  return out.sort((a, b) => a.id.localeCompare(b.id));
+}
+function discoverClassifierTickets(repoRoot) {
+  const root = join5(repoRoot, "fixtures/golden-tickets");
+  if (!existsSync5(root))
+    return [];
+  const out = [];
+  for (const entry of readdirSync2(root, { withFileTypes: true })) {
+    if (!entry.isFile() || !entry.name.endsWith(".json"))
+      continue;
+    const path = join5(root, entry.name);
+    const data = JSON.parse(readFileSync5(path, "utf8"));
+    if (typeof data.ticket === "string")
+      out.push({ id: data.ticket, path });
+  }
+  return out.sort((a, b) => a.id.localeCompare(b.id));
+}
+async function evalPrepareCmd(argv, opts = {}) {
+  const repoRoot = opts.cwd ?? process.cwd();
+  const flags = parseFlags(argv);
+  if ("error" in flags) {
+    console.error(`[xera:eval-prepare] ${flags.error}`);
+    return 1;
+  }
+  const evalTickets = discoverEvalTickets(repoRoot);
+  const classifierTickets = discoverClassifierTickets(repoRoot);
+  const stages = flags.only_prompt ? [flags.only_prompt] : [...STAGES];
+  const wantsEval = stages.some((s) => s !== "diagnose-failure");
+  const wantsClassifier = stages.includes("diagnose-failure");
+  let selectedTickets = [];
+  if (wantsEval)
+    selectedTickets.push(...evalTickets.map((t) => t.id));
+  if (wantsClassifier)
+    selectedTickets.push(...classifierTickets.map((t) => t.id));
+  selectedTickets = [...new Set(selectedTickets)].sort();
+  if (flags.only_ticket) {
+    if (!selectedTickets.includes(flags.only_ticket)) {
+      console.error(`[xera:eval-prepare] No golden fixture for ${flags.only_ticket}`);
+      return 1;
+    }
+    selectedTickets = [flags.only_ticket];
+  }
+  if (selectedTickets.length === 0) {
+    console.error("[xera:eval-prepare] No tickets selected (after filters).");
+    return 1;
+  }
+  const ticket_stages = {};
+  for (const ticket of selectedTickets) {
+    const evalT = evalTickets.find((t) => t.id === ticket);
+    let ticketDeclared;
+    if (evalT) {
+      ticketDeclared = evalT.stages;
+    } else {
+      ticketDeclared = ["diagnose-failure"];
+    }
+    const intersection = ticketDeclared.filter((s) => stages.includes(s));
+    if (intersection.length > 0) {
+      ticket_stages[ticket] = intersection;
+    }
+  }
+  selectedTickets = selectedTickets.filter((t) => ticket_stages[t] !== undefined);
+  if (selectedTickets.length === 0) {
+    console.error("[xera:eval-prepare] No tickets applicable to requested stages.");
+    return 1;
+  }
+  const runId = generateRunId({
+    ...opts.now ? { now: opts.now } : {},
+    ...opts.getGitSha ? { getGitSha: opts.getGitSha } : {}
+  });
+  const paths = resolveEvalPaths(repoRoot, runId);
+  if (existsSync5(paths.root) && !flags.force) {
+    console.error(`[xera:eval-prepare] run dir already exists: ${paths.root}. Pass --force to re-run.`);
+    return 1;
+  }
+  mkdirSync2(paths.inputsDir, { recursive: true });
+  mkdirSync2(paths.actualDir, { recursive: true });
+  for (const ticket of selectedTickets) {
+    const ticketInputs = paths.ticketInputsDir(ticket);
+    mkdirSync2(ticketInputs, { recursive: true });
+    const evalT = evalTickets.find((t) => t.id === ticket);
+    const classT = classifierTickets.find((t) => t.id === ticket);
+    if (evalT) {
+      copyFileSync(join5(evalT.dir, "story.md"), join5(ticketInputs, "story.md"));
+      const featurePath = join5(evalT.dir, "golden/test.feature");
+      if (existsSync5(featurePath))
+        copyFileSync(featurePath, join5(ticketInputs, "test.feature"));
+    }
+    if (classT) {
+      copyFileSync(classT.path, join5(ticketInputs, "classifier-input.json"));
+    }
+  }
+  const now = (opts.now ?? (() => new Date))();
+  const manifest = {
+    run_id: runId,
+    started_at: now.toISOString(),
+    git_sha: runId.split("-")[2] ?? "nogit",
+    tickets: selectedTickets,
+    stages,
+    ticket_stages,
+    prompt_versions: {
+      "feature-from-story": readPromptVersion(repoRoot, "feature-from-story"),
+      "script-from-feature": readPromptVersion(repoRoot, "script-from-feature"),
+      "diagnose-failure": readPromptVersion(repoRoot, "diagnose-failure"),
+      "eval-rubric": readPromptVersion(repoRoot, "eval-rubric")
     },
-    async listFields(_sampleKey) {
-      throw new Error("listFields is REST-only; init flow uses REST for field discovery.");
+    flags: {
+      force: flags.force,
+      only_prompt: flags.only_prompt,
+      only_ticket: flags.only_ticket,
+      judge_only: false
     }
   };
+  ManifestSchema.parse(manifest);
+  writeFileSync3(paths.manifest, JSON.stringify(manifest, null, 2));
+  if (!acquireLock(paths.lock, runId)) {
+    console.error(`[xera:eval-prepare] failed to acquire lock at ${paths.lock}`);
+    return 4;
+  }
+  console.log(`[xera:eval-prepare] prepared ${selectedTickets.length} ticket(s) for stages: ${stages.join(", ")}`);
+  console.log(`RUN_ID=${runId}`);
+  return 0;
 }
 
-// src/jira/rest-backend.ts
-function createRestBackend(baseUrl, creds) {
-  const authHeader = `Basic ${Buffer.from(`${creds.email}:${creds.apiToken}`).toString("base64")}`;
-  const base = baseUrl.replace(/\/$/, "");
-  async function req(path, init) {
-    const r = await fetch(`${base}${path}`, {
-      ...init,
-      headers: {
-        Authorization: authHeader,
-        Accept: "application/json",
-        "Content-Type": "application/json",
-        ...init?.headers ?? {}
-      }
-    });
-    if (!r.ok && r.status !== 201) {
-      throw new Error(`Jira REST ${init?.method ?? "GET"} ${path} failed: ${r.status} ${await r.text()}`);
-    }
-    return r;
+// src/bin-internal/eval-report.ts
+import { existsSync as existsSync6, readFileSync as readFileSync6, writeFileSync as writeFileSync4 } from "fs";
+function scoreJudgment(j) {
+  const nonNa = j.dimensions.filter((d) => d.verdict !== "NA");
+  if (nonNa.length === 0)
+    return { passed: true, score: 1 };
+  const passes = nonNa.filter((d) => d.verdict === "PASS").length;
+  const score = passes / nonNa.length;
+  const passed = nonNa.every((d) => d.verdict === "PASS");
+  return { passed, score };
+}
+function renderReport(summary) {
+  const lines = [];
+  lines.push(`# xera eval report ${summary.run_id}`);
+  lines.push("");
+  lines.push(`**Git SHA:** \`${summary.git_sha}\``);
+  lines.push("");
+  lines.push("**Prompt versions:**");
+  for (const [k, v] of Object.entries(summary.prompt_versions))
+    lines.push(`- \`${k}\`: ${v}`);
+  lines.push("");
+  lines.push(`**Overall:** ${summary.overall.passed}/${summary.overall.total} PASS (score ${(summary.overall.score * 100).toFixed(0)}%)`);
+  lines.push("");
+  lines.push("## Results");
+  lines.push("");
+  lines.push("| Ticket | Stage | Deterministic | Judge | Score |");
+  lines.push("|---|---|---|---|---|");
+  for (const r of summary.results) {
+    const det = r.deterministic.passed ? "PASS" : `FAIL (${r.deterministic.error ?? ""})`;
+    const judge = r.skipped ? "SKIPPED" : r.judge ? r.judge.passed ? "PASS" : "FAIL" : "SKIPPED";
+    const score = r.judge ? `${(r.judge.score * 100).toFixed(0)}%` : "\u2014";
+    lines.push(`| ${r.ticket} | ${r.stage} | ${det} | ${judge} | ${score} |`);
   }
-  return {
-    backend: "rest",
-    async fetchTicket(key, fields) {
-      const want = ["summary", fields.story];
-      if (fields.acceptanceCriteria)
-        want.push(fields.acceptanceCriteria);
-      want.push("attachment");
-      const r = await req(`/rest/api/3/issue/${encodeURIComponent(key)}?fields=${want.join(",")}`);
-      const json = await r.json();
-      const f = json.fields;
-      const attachments = Array.isArray(f.attachment) ? f.attachment.map((a) => ({ filename: a.filename, url: a.content })) : [];
+  lines.push("");
+  lines.push("## Dimension breakdown");
+  lines.push("");
+  for (const r of summary.results) {
+    if (!r.judge || r.judge.dimensions.length === 0)
+      continue;
+    lines.push(`### ${r.ticket} \u2014 ${r.stage}`);
+    lines.push("");
+    for (const d of r.judge.dimensions)
+      lines.push(`- **${d.name}** \u2014 ${d.verdict}: ${d.notes}`);
+    lines.push("");
+  }
+  return lines.join(`
+`);
+}
+async function evalReportCmd(argv, opts = {}) {
+  const cwd = opts.cwd ?? process.cwd();
+  const runId = argv[0];
+  if (!runId) {
+    console.error("[xera:eval-report] usage: eval-report <run-id>");
+    return 1;
+  }
+  const paths = resolveEvalPaths(cwd, runId);
+  if (!existsSync6(paths.manifest)) {
+    console.error(`[xera:eval-report] missing manifest.json at ${paths.manifest}`);
+    return 1;
+  }
+  const manifest = ManifestSchema.parse(JSON.parse(readFileSync6(paths.manifest, "utf8")));
+  try {
+    let det;
+    let judge;
+    try {
+      det = DeterministicScoresSchema.parse(JSON.parse(readFileSync6(paths.deterministicScores, "utf8")));
+    } catch (err) {
+      console.error(`[xera:eval-report] invalid deterministic-scores.json: ${err.message}`);
+      return 2;
+    }
+    try {
+      judge = JudgeScoresSchema.parse(JSON.parse(readFileSync6(paths.judgeScores, "utf8")));
+    } catch (err) {
+      console.error(`[xera:eval-report] invalid judge-scores.json: ${err.message}`);
+      return 2;
+    }
+    const results = [];
+    for (const detEntry of det.entries) {
+      const judgment = judge.judgments.find((j) => j.ticket === detEntry.ticket && j.stage === detEntry.stage);
+      if (!judgment && detEntry.error?.startsWith("actual missing")) {
+        const r2 = {
+          ticket: detEntry.ticket,
+          stage: detEntry.stage,
+          deterministic: {
+            passed: detEntry.passed,
+            checks: detEntry.checks,
+            ...detEntry.error !== undefined ? { error: detEntry.error } : {}
+          },
+          judge: null,
+          skipped: true
+        };
+        results.push(r2);
+        continue;
+      }
+      if (!judgment) {
+        const r2 = {
+          ticket: detEntry.ticket,
+          stage: detEntry.stage,
+          deterministic: {
+            passed: detEntry.passed,
+            checks: detEntry.checks,
+            ...detEntry.error !== undefined ? { error: detEntry.error } : {}
+          },
+          judge: { passed: false, dimensions: [], score: 0 }
+        };
+        results.push(r2);
+        continue;
+      }
+      const { passed, score } = scoreJudgment(judgment);
+      const r = {
+        ticket: detEntry.ticket,
+        stage: detEntry.stage,
+        deterministic: {
+          passed: detEntry.passed,
+          checks: detEntry.checks,
+          ...detEntry.error !== undefined ? { error: detEntry.error } : {}
+        },
+        judge: { passed, dimensions: judgment.dimensions, score }
+      };
+      results.push(r);
+    }
+    const counted = results.filter((r) => !r.skipped);
+    const passedCount = counted.filter((r) => r.deterministic.passed && r.judge?.passed).length;
+    const failedCount = counted.length - passedCount;
+    const avgScore = counted.length === 0 ? 0 : counted.reduce((acc, r) => acc + (r.deterministic.passed && r.judge ? r.judge.score : 0), 0) / counted.length;
+    const summary = {
+      run_id: runId,
+      git_sha: manifest.git_sha,
+      prompt_versions: manifest.prompt_versions,
+      results,
+      overall: { passed: passedCount, failed: failedCount, total: counted.length, score: avgScore }
+    };
+    SummarySchema.parse(summary);
+    writeFileSync4(paths.summary, JSON.stringify(summary, null, 2));
+    writeFileSync4(paths.report, renderReport(summary));
+    console.log(`[xera:eval-report] ${passedCount}/${counted.length} PASS (avg ${(avgScore * 100).toFixed(0)}%)`);
+    return 0;
+  } finally {
+    releaseLock(paths.lock);
+  }
+}
+
+// src/bin-internal/exec.ts
+import { existsSync as existsSync10, mkdirSync as mkdirSync5 } from "fs";
+import { join as join9 } from "path";
+import { chromium } from "@playwright/test";
+import { runAuthSetup, runPlaywright, stagePlaywrightState } from "@xera-ai/web";
+
+// src/artifact/paths.ts
+import { join as join6 } from "path";
+var TICKET_RE = /^[A-Z][A-Z0-9_]*-\d+$|^SAMPLE-\d+$/;
+function resolveArtifactPaths(repoRoot, ticket) {
+  if (!TICKET_RE.test(ticket)) {
+    throw new Error(`Invalid ticket key: "${ticket}" (expected e.g. JIRA-123 or SAMPLE-001)`);
+  }
+  const ticketDir = join6(repoRoot, ".xera", ticket);
+  return {
+    ticketDir,
+    storyPath: join6(ticketDir, "story.md"),
+    featurePath: join6(ticketDir, "test.feature"),
+    specPath: join6(ticketDir, "spec.ts"),
+    pageObjectsDir: join6(ticketDir, "page-objects"),
+    runsDir: join6(ticketDir, "runs"),
+    metaPath: join6(ticketDir, "meta.json"),
+    statusPath: join6(ticketDir, "status.json"),
+    logPath: join6(ticketDir, "xera.log"),
+    lockPath: join6(ticketDir, ".lock"),
+    authDir: join6(repoRoot, ".xera", ".auth"),
+    runPath: (runId) => {
+      const runDir = join6(ticketDir, "runs", runId);
+      return {
+        runDir,
+        reportJsonPath: join6(runDir, "report.json"),
+        tracePath: join6(runDir, "trace.zip"),
+        normalizedPath: join6(runDir, "normalized.json"),
+        screenshotsDir: join6(runDir, "screenshots"),
+        videoDir: join6(runDir, "videos")
+      };
+    }
+  };
+}
+function generateRunId2(now = new Date) {
+  return now.toISOString().replace(/[:.]/g, "-").replace("Z", "");
+}
+
+// src/auth/refresh.ts
+var RE = /^(\d+)([hms])$/;
+function parseDuration(d) {
+  const m = RE.exec(d);
+  if (!m)
+    throw new Error(`Bad duration "${d}" \u2014 expected e.g. "8h", "30m", "45s"`);
+  const n = Number(m[1]);
+  const unit = m[2];
+  if (unit === "h")
+    return n * 3600 * 1000;
+  if (unit === "m")
+    return n * 60 * 1000;
+  return n * 1000;
+}
+function needsRefresh(entry, policy, now = new Date) {
+  if (!entry)
+    return true;
+  const ttlMs = parseDuration(policy.ttl);
+  const bufMs = parseDuration(policy.refreshBuffer);
+  const createdAt = new Date(entry.created_at).getTime();
+  if (now.getTime() - createdAt > ttlMs)
+    return true;
+  const expiresAt = new Date(entry.expires_at).getTime();
+  if (expiresAt - now.getTime() < bufMs)
+    return true;
+  return false;
+}
+
+// src/auth/state.ts
+import { existsSync as existsSync7, mkdirSync as mkdirSync3, readFileSync as readFileSync7, writeFileSync as writeFileSync5 } from "fs";
+import { join as join7 } from "path";
+import { z as z2 } from "zod";
+
+// src/auth/encrypt.ts
+import { createCipheriv, createDecipheriv, randomBytes } from "crypto";
+var ALGO = "aes-256-gcm";
+var KEY_LEN = 32;
+var IV_LEN = 12;
+var TAG_LEN = 16;
+var VERSION = "v1";
+function generateKey() {
+  return randomBytes(KEY_LEN).toString("hex");
+}
+function keyToBuf(key) {
+  const buf = Buffer.from(key, "hex");
+  if (buf.length !== KEY_LEN)
+    throw new Error(`Key must be ${KEY_LEN} bytes (got ${buf.length})`);
+  return buf;
+}
+function encrypt(plaintext, keyHex) {
+  const key = keyToBuf(keyHex);
+  const iv = randomBytes(IV_LEN);
+  const cipher = createCipheriv(ALGO, key, iv);
+  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return `${VERSION}:${iv.toString("base64")}:${tag.toString("base64")}:${ct.toString("base64")}`;
+}
+function decrypt(ciphertext, keyHex) {
+  const [version, ivB64, tagB64, ctB64] = ciphertext.split(":");
+  if (version !== VERSION)
+    throw new Error(`Unsupported ciphertext version: ${version}`);
+  if (!ivB64 || !tagB64 || !ctB64)
+    throw new Error("Malformed ciphertext");
+  const key = keyToBuf(keyHex);
+  const iv = Buffer.from(ivB64, "base64");
+  const tag = Buffer.from(tagB64, "base64");
+  const ct = Buffer.from(ctB64, "base64");
+  if (tag.length !== TAG_LEN)
+    throw new Error("Bad auth tag length");
+  const decipher = createDecipheriv(ALGO, key, iv);
+  decipher.setAuthTag(tag);
+  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
+}
+
+// src/auth/key.ts
+var AUTH_KEY_ENV = "XERA_AUTH_KEY";
+function resolveAuthKey() {
+  const key = process.env[AUTH_KEY_ENV];
+  if (!key) {
+    throw new Error(`${AUTH_KEY_ENV} not set. It is auto-generated by \`xera init\` and saved to .env. If you deleted .env, regenerate it by running \`xera init --update\` \u2014 note that any cached auth state will be invalidated.`);
+  }
+  if (!/^[0-9a-f]{64}$/i.test(key)) {
+    throw new Error(`${AUTH_KEY_ENV} must be a 64-character hex string (32 bytes).`);
+  }
+  return key;
+}
+
+// src/auth/state.ts
+var AuthStateEntrySchema = z2.object({
+  role: z2.string(),
+  strategy: z2.enum(["storageState", "apiToken"]),
+  created_at: z2.string(),
+  expires_at: z2.string(),
+  payload: z2.record(z2.string(), z2.unknown())
+});
+function pathFor(authDir, role) {
+  return join7(authDir, `${role}.json`);
+}
+function writeAuthState(authDir, entry) {
+  mkdirSync3(authDir, { recursive: true });
+  const ct = encrypt(JSON.stringify(entry), resolveAuthKey());
+  writeFileSync5(pathFor(authDir, entry.role), ct);
+}
+function readAuthState(authDir, role) {
+  const p = pathFor(authDir, role);
+  if (!existsSync7(p))
+    return null;
+  const txt = readFileSync7(p, "utf8");
+  const plain = decrypt(txt, resolveAuthKey());
+  return AuthStateEntrySchema.parse(JSON.parse(plain));
+}
+
+// src/config/load.ts
+import { existsSync as existsSync8 } from "fs";
+import { join as join8 } from "path";
+import { pathToFileURL } from "url";
+
+// src/config/schema.ts
+import { z as z3 } from "zod";
+var AuthRoleSchema = z3.object({
+  envEmail: z3.string().min(1),
+  envPassword: z3.string().min(1)
+});
+var AuthSchema = z3.object({
+  strategy: z3.enum(["storageState", "apiToken", "none"]).default("none"),
+  ttl: z3.string().default("8h"),
+  refreshBuffer: z3.string().default("30m"),
+  setupScript: z3.string().optional(),
+  roles: z3.record(z3.string(), AuthRoleSchema).default({})
+});
+var WebSchema = z3.object({
+  baseUrl: z3.record(z3.string(), z3.string().url()).refine((m) => Object.keys(m).length > 0, {
+    message: "baseUrl must have at least one environment"
+  }),
+  defaultEnv: z3.string(),
+  auth: AuthSchema.default({}),
+  testData: z3.object({
+    users: z3.record(z3.string(), z3.object({ fromAuth: z3.string() })).default({})
+  }).default({ users: {} })
+}).refine((w) => w.baseUrl[w.defaultEnv] !== undefined, {
+  message: "defaultEnv must exist in baseUrl map",
+  path: ["defaultEnv"]
+});
+var JiraSchema = z3.object({
+  baseUrl: z3.string().url(),
+  projectKeys: z3.array(z3.string().min(1)).min(1),
+  fields: z3.object({
+    story: z3.string().min(1),
+    acceptanceCriteria: z3.string().optional(),
+    attachments: z3.string().default("attachment")
+  })
+});
+var AISchema = z3.object({
+  livePageSnapshot: z3.boolean().default(true),
+  confidenceThreshold: z3.enum(["low", "medium", "high"]).default("medium"),
+  maxRetries: z3.object({
+    typecheck: z3.number().int().min(0).max(5).default(2),
+    lint: z3.number().int().min(0).max(5).default(2),
+    validateFeature: z3.number().int().min(0).max(5).default(2)
+  }).default({})
+}).default({});
+var ReportingSchema = z3.object({
+  language: z3.enum(["en", "vi"]).default("en"),
+  postToJira: z3.boolean().default(true),
+  transition: z3.object({
+    onPass: z3.string().nullable().default(null),
+    onFail: z3.string().nullable().default(null)
+  }).default({}),
+  artifactLinks: z3.enum(["git", "local"]).default("git")
+}).default({});
+var XeraConfigSchema = z3.object({
+  jira: JiraSchema,
+  web: WebSchema,
+  ai: AISchema,
+  reporting: ReportingSchema,
+  adapters: z3.array(z3.string().min(1)).min(1).default(["web"])
+});
+
+// src/config/load.ts
+async function loadConfig(cwd) {
+  const path = join8(cwd, "xera.config.ts");
+  if (!existsSync8(path)) {
+    throw new Error(`xera.config.ts not found in ${cwd}`);
+  }
+  const mod = await import(pathToFileURL(path).href);
+  const raw = mod.default ?? mod;
+  return XeraConfigSchema.parse(raw);
+}
+
+// src/logging/ndjson-logger.ts
+import { appendFileSync, existsSync as existsSync9, mkdirSync as mkdirSync4, readFileSync as readFileSync8 } from "fs";
+import { dirname as dirname2 } from "path";
+
+class NdjsonLogger {
+  path;
+  constructor(path) {
+    this.path = path;
+    mkdirSync4(dirname2(path), { recursive: true });
+  }
+  log(payload) {
+    const entry = { ts: new Date().toISOString(), ...payload };
+    appendFileSync(this.path, `${JSON.stringify(entry)}
+`);
+  }
+  static readAll(path) {
+    if (!existsSync9(path))
+      return [];
+    const txt = readFileSync8(path, "utf8").trim();
+    if (!txt)
+      return [];
+    return txt.split(`
+`).map((line) => JSON.parse(line));
+  }
+}
+
+// src/bin-internal/exec.ts
+async function execCmd(argv) {
+  const ticket = argv[0];
+  if (!ticket) {
+    console.error("[xera:exec] usage: exec <TICKET>");
+    return 1;
+  }
+  const cwd = process.cwd();
+  const config = await loadConfig(cwd);
+  const paths = resolveArtifactPaths(cwd, ticket);
+  const runId = generateRunId2();
+  const log = new NdjsonLogger(paths.logPath);
+  if (!acquireLock(paths.lockPath, runId)) {
+    if (isLockStale(paths.lockPath)) {
+      console.error(`[xera:exec] stale lock detected; force unlocking. Run \`xera-internal unlock ${ticket}\` to clear manually.`);
+      forceUnlock(paths.lockPath);
+      acquireLock(paths.lockPath, runId);
+    } else {
+      const existing = readLock(paths.lockPath);
+      console.error(`[xera:exec] another run in progress (PID ${existing?.pid} on ${existing?.hostname}, started ${existing?.started_at}). Wait or run \`xera-internal unlock ${ticket}\`.`);
+      return 1;
+    }
+  }
+  const t0 = Date.now();
+  try {
+    if (config.web.auth.strategy === "storageState" && config.web.auth.setupScript) {
+      const browser = await chromium.launch();
+      try {
+        for (const [roleName, roleCreds] of Object.entries(config.web.auth.roles)) {
+          const entry = readAuthState(paths.authDir, roleName);
+          if (needsRefresh(entry, {
+            ttl: config.web.auth.ttl,
+            refreshBuffer: config.web.auth.refreshBuffer
+          })) {
+            const email = process.env[roleCreds.envEmail];
+            const password = process.env[roleCreds.envPassword];
+            if (!email || !password) {
+              console.error(`[xera:exec] missing env ${roleCreds.envEmail} or ${roleCreds.envPassword} for role "${roleName}"`);
+              return 1;
+            }
+            await runAuthSetup({
+              role: roleName,
+              creds: { email, password },
+              setupScriptPath: join9(cwd, config.web.auth.setupScript),
+              authDir: paths.authDir,
+              browser
+            });
+            log.log({ step: "auth-refresh", role: roleName });
+          }
+        }
+      } finally {
+        await browser.close();
+      }
+    }
+    if (config.web.auth.strategy === "storageState") {
+      for (const roleName of Object.keys(config.web.auth.roles)) {
+        if (readAuthState(paths.authDir, roleName)) {
+          stagePlaywrightState(paths.authDir, roleName);
+        }
+      }
+    }
+    const cfgPath = join9(cwd, "playwright.config.ts");
+    if (!existsSync10(cfgPath)) {
+      console.error(`[xera:exec] missing ${cfgPath}. Run \`xera init\` to scaffold it, then re-run.`);
+      return 1;
+    }
+    const runDir = paths.runPath(runId).runDir;
+    mkdirSync5(runDir, { recursive: true });
+    const envName = process.env.XERA_ENV ?? config.web.defaultEnv;
+    const baseURL = config.web.baseUrl[envName] ?? config.web.baseUrl[config.web.defaultEnv];
+    const reportJsonPath = join9(runDir, "report.json");
+    log.log({ step: "exec.start", runId, env: envName, baseURL });
+    const r = await runPlaywright({
+      specPath: paths.specPath,
+      configPath: cfgPath,
+      outputDir: runDir,
+      env: {
+        XERA_BASE_URL: baseURL,
+        XERA_ENV: envName,
+        PLAYWRIGHT_JSON_OUTPUT_NAME: reportJsonPath
+      }
+    });
+    log.log({ step: "exec.done", runId, exit: r.exitCode, ms: Date.now() - t0 });
+    console.log(`[xera:exec] runId=${runId} outcome=${r.outcome}`);
+    return r.outcome === "PASS" ? 0 : 3;
+  } finally {
+    releaseLock(paths.lockPath);
+  }
+}
+
+// src/bin-internal/fetch.ts
+import { mkdirSync as mkdirSync8, writeFileSync as writeFileSync8 } from "fs";
+import { dirname as dirname4 } from "path";
+
+// src/artifact/hash.ts
+import { createHash } from "crypto";
+import { existsSync as existsSync11, readFileSync as readFileSync9 } from "fs";
+function hashString(s) {
+  return `sha256:${createHash("sha256").update(s).digest("hex")}`;
+}
+function hashFile(path) {
+  return hashString(readFileSync9(path, "utf8"));
+}
+function hashFileIfExists(path) {
+  if (!existsSync11(path))
+    return null;
+  return hashFile(path);
+}
+
+// src/artifact/meta.ts
+import { existsSync as existsSync12, mkdirSync as mkdirSync6, readFileSync as readFileSync10, writeFileSync as writeFileSync6 } from "fs";
+import { dirname as dirname3 } from "path";
+import { z as z4 } from "zod";
+var MetaJsonSchema = z4.object({
+  ticket: z4.string(),
+  adapter: z4.string(),
+  xera_version: z4.string(),
+  prompts_version: z4.string(),
+  fetched_at: z4.string().optional(),
+  story_hash: z4.string().optional(),
+  feature_generated_at: z4.string().optional(),
+  feature_generated_from_story_hash: z4.string().optional(),
+  feature_hash: z4.string().optional(),
+  script_generated_at: z4.string().optional(),
+  script_generated_from_feature_hash: z4.string().optional(),
+  script_warnings: z4.array(z4.string()).optional()
+});
+function readMeta(path) {
+  if (!existsSync12(path))
+    return null;
+  return MetaJsonSchema.parse(JSON.parse(readFileSync10(path, "utf8")));
+}
+function writeMeta(path, meta) {
+  mkdirSync6(dirname3(path), { recursive: true });
+  writeFileSync6(path, JSON.stringify(meta, null, 2));
+}
+function updateMeta(path, patch) {
+  const existing = readMeta(path);
+  if (!existing) {
+    throw new Error(`meta.json not found at ${path}; cannot update`);
+  }
+  const next = { ...existing, ...patch };
+  writeMeta(path, next);
+  return next;
+}
+
+// src/jira/mcp-backend.ts
+import { existsSync as existsSync13, mkdirSync as mkdirSync7, readFileSync as readFileSync11, writeFileSync as writeFileSync7 } from "fs";
+import { tmpdir } from "os";
+import { join as join10 } from "path";
+var MCP_ENV = "XERA_MCP_JIRA";
+async function createMcpBackend(_baseUrl) {
+  if (process.env[MCP_ENV] !== "1")
+    return null;
+  const tmpDir = join10(tmpdir(), "xera-mcp");
+  mkdirSync7(tmpDir, { recursive: true });
+  return {
+    backend: "mcp",
+    async fetchTicket(key, _fields) {
+      const cachePath = join10(tmpDir, `${key}.json`);
+      if (!existsSync13(cachePath)) {
+        throw new Error(`MCP-mode fetch requires the skill to first call mcp__atlassian__getJiraIssue and write ${cachePath}. ` + `If you are running this directly, unset ${MCP_ENV} to use REST.`);
+      }
+      const parsed = JSON.parse(readFileSync11(cachePath, "utf8"));
+      return parsed;
+    },
+    async postComment(key, body) {
+      const outPath = join10(tmpDir, `${key}.comment.json`);
+      writeFileSync7(outPath, JSON.stringify({ key, body }));
+      return { id: "mcp-pending" };
+    },
+    async transitionStatus(key, statusName) {
+      const outPath = join10(tmpDir, `${key}.transition.json`);
+      writeFileSync7(outPath, JSON.stringify({ key, statusName }));
+    },
+    async listFields(_sampleKey) {
+      throw new Error("listFields is REST-only; init flow uses REST for field discovery.");
+    }
+  };
+}
+
+// src/jira/rest-backend.ts
+function createRestBackend(baseUrl, creds) {
+  const authHeader = `Basic ${Buffer.from(`${creds.email}:${creds.apiToken}`).toString("base64")}`;
+  const base = baseUrl.replace(/\/$/, "");
+  async function req(path, init) {
+    const r = await fetch(`${base}${path}`, {
+      ...init,
+      headers: {
+        Authorization: authHeader,
+        Accept: "application/json",
+        "Content-Type": "application/json",
+        ...init?.headers ?? {}
+      }
+    });
+    if (!r.ok && r.status !== 201) {
+      throw new Error(`Jira REST ${init?.method ?? "GET"} ${path} failed: ${r.status} ${await r.text()}`);
+    }
+    return r;
+  }
+  return {
+    backend: "rest",
+    async fetchTicket(key, fields) {
+      const want = ["summary", fields.story];
+      if (fields.acceptanceCriteria)
+        want.push(fields.acceptanceCriteria);
+      want.push("attachment");
+      const r = await req(`/rest/api/3/issue/${encodeURIComponent(key)}?fields=${want.join(",")}`);
+      const json = await r.json();
+      const f = json.fields;
+      const attachments = Array.isArray(f.attachment) ? f.attachment.map((a) => ({
+        filename: a.filename,
+        url: a.content
+      })) : [];
       const ticket = {
         key: json.key,
         summary: String(f.summary ?? ""),
@@ -252,7 +1265,11 @@ function createRestBackend(baseUrl, creds) {
       const r = await req(`/rest/api/3/issue/${encodeURIComponent(key)}/comment`, {
         method: "POST",
         body: JSON.stringify({
-          body: { type: "doc", version: 1, content: [{ type: "paragraph", content: [{ type: "text", text: body }] }] }
+          body: {
+            type: "doc",
+            version: 1,
+            content: [{ type: "paragraph", content: [{ type: "text", text: body }] }]
+          }
         })
       });
       const json = await r.json();
@@ -278,422 +1295,670 @@ function createRestBackend(baseUrl, creds) {
         hasContent: value !== null && value !== undefined && value !== ""
       }));
     }
-  };
-}
-
-// src/jira/client.ts
-async function createJiraClient(opts) {
-  if (opts.preferMcp !== false) {
-    const mcp = await createMcpBackend(opts.baseUrl);
-    if (mcp)
-      return mcp;
-  }
-  if (!opts.rest) {
-    throw new Error("Atlassian MCP not connected and no REST credentials provided (JIRA_EMAIL + JIRA_API_TOKEN).");
-  }
-  return createRestBackend(opts.baseUrl, opts.rest);
-}
-
-// src/bin-internal/fetch.ts
-async function fetchCmd(argv, opts = {}) {
-  const cwd = opts.cwd ?? process.cwd();
-  const ticket = argv[0];
-  if (!ticket) {
-    console.error("[xera:fetch] usage: xera-internal fetch <TICKET>");
-    return 1;
-  }
-  const config = await loadConfig(cwd);
-  const paths = resolveArtifactPaths(cwd, ticket);
-  let t;
-  if (process.env.XERA_TEST_JIRA) {
-    t = JSON.parse(process.env.XERA_TEST_JIRA);
-  } else {
-    const client = await createJiraClient({
-      baseUrl: config.jira.baseUrl,
-      preferMcp: true,
-      ...process.env.JIRA_EMAIL && process.env.JIRA_API_TOKEN ? { rest: { email: process.env.JIRA_EMAIL, apiToken: process.env.JIRA_API_TOKEN } } : {}
-    });
-    const fieldMap = config.jira.fields.acceptanceCriteria !== undefined ? { story: config.jira.fields.story, acceptanceCriteria: config.jira.fields.acceptanceCriteria } : { story: config.jira.fields.story };
-    t = await client.fetchTicket(ticket, fieldMap);
-  }
-  const story = renderStory(t);
-  mkdirSync3(dirname2(paths.storyPath), { recursive: true });
-  writeFileSync3(paths.storyPath, story);
-  const existing = readMeta(paths.metaPath);
-  writeMeta(paths.metaPath, {
-    ticket,
-    adapter: "web",
-    xera_version: "0.1.0",
-    prompts_version: "1.0.0",
-    ...existing ?? {},
-    story_hash: hashString(story),
-    fetched_at: new Date().toISOString()
-  });
-  console.log(`[xera:fetch] wrote ${paths.storyPath}`);
-  return 0;
-}
-function renderStory(t) {
-  const lines = [];
-  lines.push(`# ${t.key}: ${t.summary}`, "");
-  const story = t.story.trim();
-  if (/^##\s+story\b/i.test(story)) {
-    lines.push(story, "");
-  } else {
-    lines.push("## Story", "", story, "");
-  }
-  if (t.acceptanceCriteria && t.acceptanceCriteria.trim()) {
-    const ac = t.acceptanceCriteria.trim();
-    if (/^##\s+acceptance\s+criteria\b/i.test(ac)) {
-      lines.push(ac, "");
-    } else {
-      lines.push("## Acceptance Criteria", "", ac, "");
-    }
-  }
-  if (t.attachments.length > 0) {
-    lines.push("## Attachments", "", ...t.attachments.map((a) => `- [${a.filename}](${a.url})`), "");
-  }
-  return lines.join(`
-`);
-}
-
-// src/bin-internal/validate-feature.ts
-import { readFileSync as readFileSync4, existsSync as existsSync5 } from "fs";
-import { validateGherkin } from "@xera-ai/web";
-async function validateFeatureCmd(argv) {
-  const ticket = argv[0];
-  if (!ticket) {
-    console.error("[xera:validate-feature] usage: validate-feature <TICKET>");
-    return 1;
-  }
-  const paths = resolveArtifactPaths(process.cwd(), ticket);
-  if (!existsSync5(paths.featurePath)) {
-    console.error(`[xera:validate-feature] missing ${paths.featurePath}`);
-    return 1;
-  }
-  const r = validateGherkin(readFileSync4(paths.featurePath, "utf8"));
-  if (r.ok) {
-    console.log("[xera:validate-feature] ok");
-    return 0;
-  }
-  for (const e of r.errors)
-    console.error(`[xera:validate-feature] line ${e.line}: ${e.message}`);
-  return 2;
-}
-
-// src/bin-internal/typecheck.ts
-import { typecheckTicket } from "@xera-ai/web";
-async function typecheckCmd(argv) {
-  const ticket = argv[0];
-  if (!ticket) {
-    console.error("[xera:typecheck] usage: typecheck <TICKET>");
-    return 1;
-  }
-  const paths = resolveArtifactPaths(process.cwd(), ticket);
-  const r = await typecheckTicket(paths.ticketDir);
-  if (r.ok) {
-    console.log("[xera:typecheck] ok");
-    return 0;
-  }
-  for (const e of r.errors)
-    console.error(`[xera:typecheck] ${e}`);
-  return 2;
-}
-
-// src/bin-internal/lint.ts
-import { lintTicket } from "@xera-ai/web";
-async function lintCmd(argv) {
-  const ticket = argv[0];
-  if (!ticket) {
-    console.error("[xera:lint] usage: lint <TICKET>");
-    return 1;
-  }
-  const paths = resolveArtifactPaths(process.cwd(), ticket);
-  const r = await lintTicket(paths.ticketDir);
-  if (r.ok) {
-    console.log("[xera:lint] ok");
-    return 0;
-  }
-  for (const w of r.warnings)
-    console.error(`[xera:lint] ${w.file}:${w.line} [${w.rule}] ${w.message}`);
-  return 2;
-}
-
-// src/lock/file-lock.ts
-import { existsSync as existsSync6, readFileSync as readFileSync5, writeFileSync as writeFileSync4, unlinkSync, mkdirSync as mkdirSync4 } from "fs";
-import { dirname as dirname3 } from "path";
-import { hostname } from "os";
-function acquireLock(path, runId) {
-  if (existsSync6(path))
-    return false;
-  mkdirSync4(dirname3(path), { recursive: true });
-  const data = {
-    pid: process.pid,
-    hostname: hostname(),
-    started_at: new Date().toISOString(),
-    run_id: runId
-  };
-  try {
-    writeFileSync4(path, JSON.stringify(data), { flag: "wx" });
-    return true;
-  } catch {
-    return false;
-  }
-}
-function releaseLock(path) {
-  if (existsSync6(path))
-    unlinkSync(path);
-}
-function readLock(path) {
-  if (!existsSync6(path))
-    return null;
-  return JSON.parse(readFileSync5(path, "utf8"));
-}
-function isLockStale(path) {
-  const lock = readLock(path);
-  if (!lock)
-    return true;
-  if (lock.hostname !== hostname()) {
-    return false;
-  }
-  try {
-    process.kill(lock.pid, 0);
-    return false;
-  } catch {
-    return true;
-  }
-}
-function forceUnlock(path) {
-  releaseLock(path);
-}
-
-// src/logging/ndjson-logger.ts
-import { appendFileSync, mkdirSync as mkdirSync5, existsSync as existsSync7, readFileSync as readFileSync6 } from "fs";
-import { dirname as dirname4 } from "path";
-
-class NdjsonLogger {
-  path;
-  constructor(path) {
-    this.path = path;
-    mkdirSync5(dirname4(path), { recursive: true });
-  }
-  log(payload) {
-    const entry = { ts: new Date().toISOString(), ...payload };
-    appendFileSync(this.path, `${JSON.stringify(entry)}
-`);
-  }
-  static readAll(path) {
-    if (!existsSync7(path))
-      return [];
-    const txt = readFileSync6(path, "utf8").trim();
-    if (!txt)
-      return [];
-    return txt.split(`
-`).map((line) => JSON.parse(line));
-  }
-}
-
-// src/auth/state.ts
-import { existsSync as existsSync8, readFileSync as readFileSync7, writeFileSync as writeFileSync5, mkdirSync as mkdirSync6 } from "fs";
-import { join as join4 } from "path";
-import { z as z3 } from "zod";
-
-// src/auth/encrypt.ts
-import { randomBytes, createCipheriv, createDecipheriv } from "crypto";
-var ALGO = "aes-256-gcm";
-var KEY_LEN = 32;
-var IV_LEN = 12;
-var TAG_LEN = 16;
-var VERSION = "v1";
-function generateKey() {
-  return randomBytes(KEY_LEN).toString("hex");
-}
-function keyToBuf(key) {
-  const buf = Buffer.from(key, "hex");
-  if (buf.length !== KEY_LEN)
-    throw new Error(`Key must be ${KEY_LEN} bytes (got ${buf.length})`);
-  return buf;
-}
-function encrypt(plaintext, keyHex) {
-  const key = keyToBuf(keyHex);
-  const iv = randomBytes(IV_LEN);
-  const cipher = createCipheriv(ALGO, key, iv);
-  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
-  const tag = cipher.getAuthTag();
-  return `${VERSION}:${iv.toString("base64")}:${tag.toString("base64")}:${ct.toString("base64")}`;
-}
-function decrypt(ciphertext, keyHex) {
-  const [version, ivB64, tagB64, ctB64] = ciphertext.split(":");
-  if (version !== VERSION)
-    throw new Error(`Unsupported ciphertext version: ${version}`);
-  if (!ivB64 || !tagB64 || !ctB64)
-    throw new Error("Malformed ciphertext");
-  const key = keyToBuf(keyHex);
-  const iv = Buffer.from(ivB64, "base64");
-  const tag = Buffer.from(tagB64, "base64");
-  const ct = Buffer.from(ctB64, "base64");
-  if (tag.length !== TAG_LEN)
-    throw new Error("Bad auth tag length");
-  const decipher = createDecipheriv(ALGO, key, iv);
-  decipher.setAuthTag(tag);
-  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
+  };
 }
 
-// src/auth/key.ts
-var AUTH_KEY_ENV = "XERA_AUTH_KEY";
-function resolveAuthKey() {
-  const key = process.env[AUTH_KEY_ENV];
-  if (!key) {
-    throw new Error(`${AUTH_KEY_ENV} not set. It is auto-generated by \`xera init\` and saved to .env. ` + `If you deleted .env, regenerate it by running \`xera init --update\` \u2014 note that any cached auth state will be invalidated.`);
+// src/jira/client.ts
+async function createJiraClient(opts) {
+  if (opts.preferMcp !== false) {
+    const mcp = await createMcpBackend(opts.baseUrl);
+    if (mcp)
+      return mcp;
   }
-  if (!/^[0-9a-f]{64}$/i.test(key)) {
-    throw new Error(`${AUTH_KEY_ENV} must be a 64-character hex string (32 bytes).`);
+  if (!opts.rest) {
+    throw new Error("Atlassian MCP not connected and no REST credentials provided (JIRA_EMAIL + JIRA_API_TOKEN).");
   }
-  return key;
-}
-
-// src/auth/state.ts
-var AuthStateEntrySchema = z3.object({
-  role: z3.string(),
-  strategy: z3.enum(["storageState", "apiToken"]),
-  created_at: z3.string(),
-  expires_at: z3.string(),
-  payload: z3.record(z3.string(), z3.unknown())
-});
-function pathFor(authDir, role) {
-  return join4(authDir, `${role}.json`);
-}
-function writeAuthState(authDir, entry) {
-  mkdirSync6(authDir, { recursive: true });
-  const ct = encrypt(JSON.stringify(entry), resolveAuthKey());
-  writeFileSync5(pathFor(authDir, entry.role), ct);
-}
-function readAuthState(authDir, role) {
-  const p = pathFor(authDir, role);
-  if (!existsSync8(p))
-    return null;
-  const txt = readFileSync7(p, "utf8");
-  const plain = decrypt(txt, resolveAuthKey());
-  return AuthStateEntrySchema.parse(JSON.parse(plain));
-}
-
-// src/auth/refresh.ts
-var RE = /^(\d+)([hms])$/;
-function parseDuration(d) {
-  const m = RE.exec(d);
-  if (!m)
-    throw new Error(`Bad duration "${d}" \u2014 expected e.g. "8h", "30m", "45s"`);
-  const n = Number(m[1]);
-  const unit = m[2];
-  if (unit === "h")
-    return n * 3600 * 1000;
-  if (unit === "m")
-    return n * 60 * 1000;
-  return n * 1000;
-}
-function needsRefresh(entry, policy, now = new Date) {
-  if (!entry)
-    return true;
-  const ttlMs = parseDuration(policy.ttl);
-  const bufMs = parseDuration(policy.refreshBuffer);
-  const createdAt = new Date(entry.created_at).getTime();
-  if (now.getTime() - createdAt > ttlMs)
-    return true;
-  const expiresAt = new Date(entry.expires_at).getTime();
-  if (expiresAt - now.getTime() < bufMs)
-    return true;
-  return false;
+  return createRestBackend(opts.baseUrl, opts.rest);
 }
 
-// src/bin-internal/exec.ts
-import { stagePlaywrightState, runAuthSetup, runPlaywright } from "@xera-ai/web";
-import { chromium } from "@playwright/test";
-import { mkdirSync as mkdirSync7, existsSync as existsSync9 } from "fs";
-import { join as join5 } from "path";
-async function execCmd(argv) {
+// src/bin-internal/fetch.ts
+async function fetchCmd(argv, opts = {}) {
+  const cwd = opts.cwd ?? process.cwd();
   const ticket = argv[0];
   if (!ticket) {
-    console.error("[xera:exec] usage: exec <TICKET>");
+    console.error("[xera:fetch] usage: xera-internal fetch <TICKET>");
     return 1;
   }
-  const cwd = process.cwd();
   const config = await loadConfig(cwd);
   const paths = resolveArtifactPaths(cwd, ticket);
-  const runId = generateRunId();
-  const log = new NdjsonLogger(paths.logPath);
-  if (!acquireLock(paths.lockPath, runId)) {
-    if (isLockStale(paths.lockPath)) {
-      console.error(`[xera:exec] stale lock detected; force unlocking. Run \`xera-internal unlock ${ticket}\` to clear manually.`);
-      forceUnlock(paths.lockPath);
-      acquireLock(paths.lockPath, runId);
+  let t;
+  if (process.env.XERA_TEST_JIRA) {
+    t = JSON.parse(process.env.XERA_TEST_JIRA);
+  } else {
+    const client = await createJiraClient({
+      baseUrl: config.jira.baseUrl,
+      preferMcp: true,
+      ...process.env.JIRA_EMAIL && process.env.JIRA_API_TOKEN ? { rest: { email: process.env.JIRA_EMAIL, apiToken: process.env.JIRA_API_TOKEN } } : {}
+    });
+    const fieldMap = config.jira.fields.acceptanceCriteria !== undefined ? {
+      story: config.jira.fields.story,
+      acceptanceCriteria: config.jira.fields.acceptanceCriteria
+    } : { story: config.jira.fields.story };
+    t = await client.fetchTicket(ticket, fieldMap);
+  }
+  const story = renderStory(t);
+  mkdirSync8(dirname4(paths.storyPath), { recursive: true });
+  writeFileSync8(paths.storyPath, story);
+  const existing = readMeta(paths.metaPath);
+  writeMeta(paths.metaPath, {
+    ticket,
+    adapter: "web",
+    xera_version: "0.1.0",
+    prompts_version: "1.0.0",
+    ...existing ?? {},
+    story_hash: hashString(story),
+    fetched_at: new Date().toISOString()
+  });
+  console.log(`[xera:fetch] wrote ${paths.storyPath}`);
+  return 0;
+}
+function renderStory(t) {
+  const lines = [];
+  lines.push(`# ${t.key}: ${t.summary}`, "");
+  const story = t.story.trim();
+  if (/^##\s+story\b/i.test(story)) {
+    lines.push(story, "");
+  } else {
+    lines.push("## Story", "", story, "");
+  }
+  if (t.acceptanceCriteria?.trim()) {
+    const ac = t.acceptanceCriteria.trim();
+    if (/^##\s+acceptance\s+criteria\b/i.test(ac)) {
+      lines.push(ac, "");
     } else {
-      const existing = readLock(paths.lockPath);
-      console.error(`[xera:exec] another run in progress (PID ${existing?.pid} on ${existing?.hostname}, started ${existing?.started_at}). Wait or run \`xera-internal unlock ${ticket}\`.`);
-      return 1;
+      lines.push("## Acceptance Criteria", "", ac, "");
     }
   }
-  const t0 = Date.now();
-  try {
-    if (config.web.auth.strategy === "storageState" && config.web.auth.setupScript) {
-      const browser = await chromium.launch();
-      try {
-        for (const [roleName, roleCreds] of Object.entries(config.web.auth.roles)) {
-          const entry = readAuthState(paths.authDir, roleName);
-          if (needsRefresh(entry, { ttl: config.web.auth.ttl, refreshBuffer: config.web.auth.refreshBuffer })) {
-            const email = process.env[roleCreds.envEmail];
-            const password = process.env[roleCreds.envPassword];
-            if (!email || !password) {
-              console.error(`[xera:exec] missing env ${roleCreds.envEmail} or ${roleCreds.envPassword} for role "${roleName}"`);
-              return 1;
-            }
-            await runAuthSetup({
-              role: roleName,
-              creds: { email, password },
-              setupScriptPath: join5(cwd, config.web.auth.setupScript),
-              authDir: paths.authDir,
-              browser
-            });
-            log.log({ step: "auth-refresh", role: roleName });
+  if (t.attachments.length > 0) {
+    lines.push("## Attachments", "", ...t.attachments.map((a) => `- [${a.filename}](${a.url})`), "");
+  }
+  return lines.join(`
+`);
+}
+
+// src/bin-internal/heal-prepare.ts
+import { existsSync as existsSync14, readFileSync as readFileSync12, readdirSync as readdirSync3, writeFileSync as writeFileSync9 } from "fs";
+import { join as join11 } from "path";
+import { scrubFreeText } from "@xera-ai/web";
+
+// ../../node_modules/.bun/fflate@0.8.2/node_modules/fflate/esm/index.mjs
+import { createRequire } from "module";
+var require2 = createRequire("/");
+var Worker;
+try {
+  Worker = require2("worker_threads").Worker;
+} catch (e) {}
+var u8 = Uint8Array;
+var u16 = Uint16Array;
+var i32 = Int32Array;
+var fleb = new u8([0, 0, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1, 2, 2, 2, 2, 3, 3, 3, 3, 4, 4, 4, 4, 5, 5, 5, 5, 0, 0, 0, 0]);
+var fdeb = new u8([0, 0, 0, 0, 1, 1, 2, 2, 3, 3, 4, 4, 5, 5, 6, 6, 7, 7, 8, 8, 9, 9, 10, 10, 11, 11, 12, 12, 13, 13, 0, 0]);
+var clim = new u8([16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15]);
+var freb = function(eb, start) {
+  var b = new u16(31);
+  for (var i = 0;i < 31; ++i) {
+    b[i] = start += 1 << eb[i - 1];
+  }
+  var r = new i32(b[30]);
+  for (var i = 1;i < 30; ++i) {
+    for (var j = b[i];j < b[i + 1]; ++j) {
+      r[j] = j - b[i] << 5 | i;
+    }
+  }
+  return { b, r };
+};
+var _a = freb(fleb, 2);
+var fl = _a.b;
+var revfl = _a.r;
+fl[28] = 258, revfl[258] = 28;
+var _b = freb(fdeb, 0);
+var fd = _b.b;
+var revfd = _b.r;
+var rev = new u16(32768);
+for (i = 0;i < 32768; ++i) {
+  x = (i & 43690) >> 1 | (i & 21845) << 1;
+  x = (x & 52428) >> 2 | (x & 13107) << 2;
+  x = (x & 61680) >> 4 | (x & 3855) << 4;
+  rev[i] = ((x & 65280) >> 8 | (x & 255) << 8) >> 1;
+}
+var x;
+var i;
+var hMap = function(cd, mb, r) {
+  var s = cd.length;
+  var i2 = 0;
+  var l = new u16(mb);
+  for (;i2 < s; ++i2) {
+    if (cd[i2])
+      ++l[cd[i2] - 1];
+  }
+  var le = new u16(mb);
+  for (i2 = 1;i2 < mb; ++i2) {
+    le[i2] = le[i2 - 1] + l[i2 - 1] << 1;
+  }
+  var co;
+  if (r) {
+    co = new u16(1 << mb);
+    var rvb = 15 - mb;
+    for (i2 = 0;i2 < s; ++i2) {
+      if (cd[i2]) {
+        var sv = i2 << 4 | cd[i2];
+        var r_1 = mb - cd[i2];
+        var v = le[cd[i2] - 1]++ << r_1;
+        for (var m = v | (1 << r_1) - 1;v <= m; ++v) {
+          co[rev[v] >> rvb] = sv;
+        }
+      }
+    }
+  } else {
+    co = new u16(s);
+    for (i2 = 0;i2 < s; ++i2) {
+      if (cd[i2]) {
+        co[i2] = rev[le[cd[i2] - 1]++] >> 15 - cd[i2];
+      }
+    }
+  }
+  return co;
+};
+var flt = new u8(288);
+for (i = 0;i < 144; ++i)
+  flt[i] = 8;
+var i;
+for (i = 144;i < 256; ++i)
+  flt[i] = 9;
+var i;
+for (i = 256;i < 280; ++i)
+  flt[i] = 7;
+var i;
+for (i = 280;i < 288; ++i)
+  flt[i] = 8;
+var i;
+var fdt = new u8(32);
+for (i = 0;i < 32; ++i)
+  fdt[i] = 5;
+var i;
+var flrm = /* @__PURE__ */ hMap(flt, 9, 1);
+var fdrm = /* @__PURE__ */ hMap(fdt, 5, 1);
+var max = function(a) {
+  var m = a[0];
+  for (var i2 = 1;i2 < a.length; ++i2) {
+    if (a[i2] > m)
+      m = a[i2];
+  }
+  return m;
+};
+var bits = function(d, p, m) {
+  var o = p / 8 | 0;
+  return (d[o] | d[o + 1] << 8) >> (p & 7) & m;
+};
+var bits16 = function(d, p) {
+  var o = p / 8 | 0;
+  return (d[o] | d[o + 1] << 8 | d[o + 2] << 16) >> (p & 7);
+};
+var shft = function(p) {
+  return (p + 7) / 8 | 0;
+};
+var slc = function(v, s, e) {
+  if (s == null || s < 0)
+    s = 0;
+  if (e == null || e > v.length)
+    e = v.length;
+  return new u8(v.subarray(s, e));
+};
+var ec = [
+  "unexpected EOF",
+  "invalid block type",
+  "invalid length/literal",
+  "invalid distance",
+  "stream finished",
+  "no stream handler",
+  ,
+  "no callback",
+  "invalid UTF-8 data",
+  "extra field too long",
+  "date not in range 1980-2099",
+  "filename too long",
+  "stream finishing",
+  "invalid zip data"
+];
+var err = function(ind, msg, nt) {
+  var e = new Error(msg || ec[ind]);
+  e.code = ind;
+  if (Error.captureStackTrace)
+    Error.captureStackTrace(e, err);
+  if (!nt)
+    throw e;
+  return e;
+};
+var inflt = function(dat, st, buf, dict) {
+  var sl = dat.length, dl = dict ? dict.length : 0;
+  if (!sl || st.f && !st.l)
+    return buf || new u8(0);
+  var noBuf = !buf;
+  var resize = noBuf || st.i != 2;
+  var noSt = st.i;
+  if (noBuf)
+    buf = new u8(sl * 3);
+  var cbuf = function(l2) {
+    var bl = buf.length;
+    if (l2 > bl) {
+      var nbuf = new u8(Math.max(bl * 2, l2));
+      nbuf.set(buf);
+      buf = nbuf;
+    }
+  };
+  var final = st.f || 0, pos = st.p || 0, bt = st.b || 0, lm = st.l, dm = st.d, lbt = st.m, dbt = st.n;
+  var tbts = sl * 8;
+  do {
+    if (!lm) {
+      final = bits(dat, pos, 1);
+      var type = bits(dat, pos + 1, 3);
+      pos += 3;
+      if (!type) {
+        var s = shft(pos) + 4, l = dat[s - 4] | dat[s - 3] << 8, t = s + l;
+        if (t > sl) {
+          if (noSt)
+            err(0);
+          break;
+        }
+        if (resize)
+          cbuf(bt + l);
+        buf.set(dat.subarray(s, t), bt);
+        st.b = bt += l, st.p = pos = t * 8, st.f = final;
+        continue;
+      } else if (type == 1)
+        lm = flrm, dm = fdrm, lbt = 9, dbt = 5;
+      else if (type == 2) {
+        var hLit = bits(dat, pos, 31) + 257, hcLen = bits(dat, pos + 10, 15) + 4;
+        var tl = hLit + bits(dat, pos + 5, 31) + 1;
+        pos += 14;
+        var ldt = new u8(tl);
+        var clt = new u8(19);
+        for (var i2 = 0;i2 < hcLen; ++i2) {
+          clt[clim[i2]] = bits(dat, pos + i2 * 3, 7);
+        }
+        pos += hcLen * 3;
+        var clb = max(clt), clbmsk = (1 << clb) - 1;
+        var clm = hMap(clt, clb, 1);
+        for (var i2 = 0;i2 < tl; ) {
+          var r = clm[bits(dat, pos, clbmsk)];
+          pos += r & 15;
+          var s = r >> 4;
+          if (s < 16) {
+            ldt[i2++] = s;
+          } else {
+            var c = 0, n = 0;
+            if (s == 16)
+              n = 3 + bits(dat, pos, 3), pos += 2, c = ldt[i2 - 1];
+            else if (s == 17)
+              n = 3 + bits(dat, pos, 7), pos += 3;
+            else if (s == 18)
+              n = 11 + bits(dat, pos, 127), pos += 7;
+            while (n--)
+              ldt[i2++] = c;
           }
         }
-      } finally {
-        await browser.close();
+        var lt = ldt.subarray(0, hLit), dt = ldt.subarray(hLit);
+        lbt = max(lt);
+        dbt = max(dt);
+        lm = hMap(lt, lbt, 1);
+        dm = hMap(dt, dbt, 1);
+      } else
+        err(1);
+      if (pos > tbts) {
+        if (noSt)
+          err(0);
+        break;
       }
     }
-    if (config.web.auth.strategy === "storageState") {
-      for (const roleName of Object.keys(config.web.auth.roles)) {
-        if (readAuthState(paths.authDir, roleName)) {
-          stagePlaywrightState(paths.authDir, roleName);
+    if (resize)
+      cbuf(bt + 131072);
+    var lms = (1 << lbt) - 1, dms = (1 << dbt) - 1;
+    var lpos = pos;
+    for (;; lpos = pos) {
+      var c = lm[bits16(dat, pos) & lms], sym = c >> 4;
+      pos += c & 15;
+      if (pos > tbts) {
+        if (noSt)
+          err(0);
+        break;
+      }
+      if (!c)
+        err(2);
+      if (sym < 256)
+        buf[bt++] = sym;
+      else if (sym == 256) {
+        lpos = pos, lm = null;
+        break;
+      } else {
+        var add = sym - 254;
+        if (sym > 264) {
+          var i2 = sym - 257, b = fleb[i2];
+          add = bits(dat, pos, (1 << b) - 1) + fl[i2];
+          pos += b;
+        }
+        var d = dm[bits16(dat, pos) & dms], dsym = d >> 4;
+        if (!d)
+          err(3);
+        pos += d & 15;
+        var dt = fd[dsym];
+        if (dsym > 3) {
+          var b = fdeb[dsym];
+          dt += bits16(dat, pos) & (1 << b) - 1, pos += b;
+        }
+        if (pos > tbts) {
+          if (noSt)
+            err(0);
+          break;
+        }
+        if (resize)
+          cbuf(bt + 131072);
+        var end = bt + add;
+        if (bt < dt) {
+          var shift = dl - dt, dend = Math.min(dt, end);
+          if (shift + bt < 0)
+            err(3);
+          for (;bt < dend; ++bt)
+            buf[bt] = dict[shift + bt];
         }
+        for (;bt < end; ++bt)
+          buf[bt] = buf[bt - dt];
       }
     }
-    const cfgPath = join5(cwd, "playwright.config.ts");
-    if (!existsSync9(cfgPath)) {
-      console.error(`[xera:exec] missing ${cfgPath}. Run \`xera init\` to scaffold it, then re-run.`);
-      return 1;
+    st.l = lm, st.p = lpos, st.b = bt, st.f = final;
+    if (lm)
+      final = 1, st.m = lbt, st.d = dm, st.n = dbt;
+  } while (!final);
+  return bt != buf.length && noBuf ? slc(buf, 0, bt) : buf.subarray(0, bt);
+};
+var et = /* @__PURE__ */ new u8(0);
+var b2 = function(d, b) {
+  return d[b] | d[b + 1] << 8;
+};
+var b4 = function(d, b) {
+  return (d[b] | d[b + 1] << 8 | d[b + 2] << 16 | d[b + 3] << 24) >>> 0;
+};
+var b8 = function(d, b) {
+  return b4(d, b) + b4(d, b + 4) * 4294967296;
+};
+function inflateSync(data, opts) {
+  return inflt(data, { i: 2 }, opts && opts.out, opts && opts.dictionary);
+}
+var td = typeof TextDecoder != "undefined" && /* @__PURE__ */ new TextDecoder;
+var tds = 0;
+try {
+  td.decode(et, { stream: true });
+  tds = 1;
+} catch (e) {}
+var dutf8 = function(d) {
+  for (var r = "", i2 = 0;; ) {
+    var c = d[i2++];
+    var eb = (c > 127) + (c > 223) + (c > 239);
+    if (i2 + eb > d.length)
+      return { s: r, r: slc(d, i2 - 1) };
+    if (!eb)
+      r += String.fromCharCode(c);
+    else if (eb == 3) {
+      c = ((c & 15) << 18 | (d[i2++] & 63) << 12 | (d[i2++] & 63) << 6 | d[i2++] & 63) - 65536, r += String.fromCharCode(55296 | c >> 10, 56320 | c & 1023);
+    } else if (eb & 1)
+      r += String.fromCharCode((c & 31) << 6 | d[i2++] & 63);
+    else
+      r += String.fromCharCode((c & 15) << 12 | (d[i2++] & 63) << 6 | d[i2++] & 63);
+  }
+};
+function strFromU8(dat, latin1) {
+  if (latin1) {
+    var r = "";
+    for (var i2 = 0;i2 < dat.length; i2 += 16384)
+      r += String.fromCharCode.apply(null, dat.subarray(i2, i2 + 16384));
+    return r;
+  } else if (td) {
+    return td.decode(dat);
+  } else {
+    var _a2 = dutf8(dat), s = _a2.s, r = _a2.r;
+    if (r.length)
+      err(8);
+    return s;
+  }
+}
+var slzh = function(d, b) {
+  return b + 30 + b2(d, b + 26) + b2(d, b + 28);
+};
+var zh = function(d, b, z5) {
+  var fnl = b2(d, b + 28), fn = strFromU8(d.subarray(b + 46, b + 46 + fnl), !(b2(d, b + 8) & 2048)), es = b + 46 + fnl, bs = b4(d, b + 20);
+  var _a2 = z5 && bs == 4294967295 ? z64e(d, es) : [bs, b4(d, b + 24), b4(d, b + 42)], sc = _a2[0], su = _a2[1], off = _a2[2];
+  return [b2(d, b + 10), sc, su, fn, es + b2(d, b + 30) + b2(d, b + 32), off];
+};
+var z64e = function(d, b) {
+  for (;b2(d, b) != 1; b += 4 + b2(d, b + 2))
+    ;
+  return [b8(d, b + 12), b8(d, b + 4), b8(d, b + 20)];
+};
+function unzipSync(data, opts) {
+  var files = {};
+  var e = data.length - 22;
+  for (;b4(data, e) != 101010256; --e) {
+    if (!e || data.length - e > 65558)
+      err(13);
+  }
+  var c = b2(data, e + 8);
+  if (!c)
+    return {};
+  var o = b4(data, e + 16);
+  var z5 = o == 4294967295 || c == 65535;
+  if (z5) {
+    var ze = b4(data, e - 12);
+    z5 = b4(data, ze) == 101075792;
+    if (z5) {
+      c = b4(data, ze + 32);
+      o = b4(data, ze + 48);
     }
-    const runDir = paths.runPath(runId).runDir;
-    mkdirSync7(runDir, { recursive: true });
-    const envName = process.env.XERA_ENV ?? config.web.defaultEnv;
-    const baseURL = config.web.baseUrl[envName] ?? config.web.baseUrl[config.web.defaultEnv];
-    log.log({ step: "exec.start", runId, env: envName, baseURL });
-    const r = await runPlaywright({
-      specPath: paths.specPath,
-      configPath: cfgPath,
-      outputDir: runDir,
-      env: { XERA_BASE_URL: baseURL, XERA_ENV: envName }
-    });
-    log.log({ step: "exec.done", runId, exit: r.exitCode, ms: Date.now() - t0 });
-    console.log(`[xera:exec] runId=${runId} outcome=${r.outcome}`);
-    return r.outcome === "PASS" ? 0 : 3;
-  } finally {
-    releaseLock(paths.lockPath);
   }
+  var fltr = opts && opts.filter;
+  for (var i2 = 0;i2 < c; ++i2) {
+    var _a2 = zh(data, o, z5), c_2 = _a2[0], sc = _a2[1], su = _a2[2], fn = _a2[3], no = _a2[4], off = _a2[5], b = slzh(data, off);
+    o = no;
+    if (!fltr || fltr({
+      name: fn,
+      size: sc,
+      originalSize: su,
+      compression: c_2
+    })) {
+      if (!c_2)
+        files[fn] = slc(data, b, b + sc);
+      else if (c_2 == 8)
+        files[fn] = inflateSync(data.subarray(b, b + sc), { out: new u8(su) });
+      else
+        err(14, "unknown compression type " + c_2);
+    }
+  }
+  return files;
+}
+
+// src/bin-internal/heal-prepare.ts
+var LOCATOR_LINE_RE = /^Locator:\s*(.+)$/m;
+function classifyKind(raw) {
+  if (/^getByRole\b/.test(raw))
+    return "role";
+  if (/^getByTestId\b/.test(raw))
+    return "test-id";
+  if (/^getByLabel\b/.test(raw))
+    return "label";
+  if (/^getByText\b/.test(raw))
+    return "text";
+  if (/^locator\(\s*['"`]\s*\.[A-Za-z_-]/.test(raw))
+    return "css-class";
+  return "other";
+}
+function extractDomSnapshot(tracePath) {
+  if (!existsSync14(tracePath))
+    return "";
+  const buf = readFileSync12(tracePath);
+  const entries = unzipSync(buf);
+  const traceKey = Object.keys(entries).find((name) => name.endsWith(".trace"));
+  let chosenKey = null;
+  if (traceKey) {
+    const traceText = new TextDecoder().decode(entries[traceKey]);
+    const lines = traceText.split(`
+`).filter(Boolean);
+    for (let i2 = lines.length - 1;i2 >= 0; i2--) {
+      try {
+        const evt = JSON.parse(lines[i2]);
+        const isSnapshot = evt.type === "frame-snapshot" || evt.type === "snapshot";
+        if (!isSnapshot)
+          continue;
+        const snap = evt.snapshot ?? {};
+        const resourceName = snap.resourceName;
+        if (typeof resourceName === "string") {
+          if (entries[resourceName]) {
+            chosenKey = resourceName;
+            break;
+          }
+          const guessed = `resources/${resourceName.replace(/^resources\//, "")}`;
+          if (entries[guessed]) {
+            chosenKey = guessed;
+            break;
+          }
+        }
+        const snapshotName = snap.snapshotName;
+        if (typeof snapshotName === "string") {
+          const directGuess = Object.keys(entries).find((k) => k.endsWith(".html") && k.includes(snapshotName));
+          if (directGuess) {
+            chosenKey = directGuess;
+            break;
+          }
+        }
+      } catch {}
+    }
+  }
+  if (!chosenKey) {
+    const htmlKeys = Object.keys(entries).filter((name) => name.endsWith(".html")).sort();
+    chosenKey = htmlKeys[htmlKeys.length - 1] ?? null;
+  }
+  if (!chosenKey)
+    return "";
+  const html = new TextDecoder().decode(entries[chosenKey]);
+  return scrubFreeText(html);
+}
+function findPomLine(ticketDir, rawLocator) {
+  const pomDir = join11(ticketDir, "page-objects");
+  const candidates = [];
+  if (existsSync14(pomDir)) {
+    for (const name of readdirSync3(pomDir)) {
+      if (name.endsWith(".ts"))
+        candidates.push(join11(pomDir, name));
+    }
+  }
+  for (const file of candidates) {
+    const text = readFileSync12(file, "utf8");
+    const lines = text.split(`
+`);
+    for (let i2 = 0;i2 < lines.length; i2++) {
+      const line = lines[i2];
+      if (line.includes(rawLocator)) {
+        const methodMatch = /^\s*(\w+)\s*=/.exec(line);
+        return {
+          pomFile: file,
+          pomLine: i2 + 1,
+          pomLineContent: line,
+          pomMethodName: methodMatch?.[1] ?? "<anonymous>"
+        };
+      }
+    }
+  }
+  throw new Error(`POM line not found for locator: ${rawLocator}`);
+}
+function findGherkinStep(featureText, rawLocator) {
+  const quoteMatch = /['"`]([^'"`]{2,})['"`]/.exec(rawLocator);
+  if (quoteMatch) {
+    const needle = quoteMatch[1];
+    for (const line of featureText.split(`
+`)) {
+      if (line.includes(needle) && /^\s*(When|Then|And|Given)\b/.test(line)) {
+        return line.trim();
+      }
+    }
+  }
+  for (const line of featureText.split(`
+`)) {
+    if (/^\s*(When|Then)\b/.test(line))
+      return line.trim();
+  }
+  return "";
+}
+function healPrepare(repoRoot, ticket, runId, scenarioName) {
+  const paths = resolveArtifactPaths(repoRoot, ticket);
+  const classifierPath = join11(paths.ticketDir, "classifier-input.json");
+  const classifier = JSON.parse(readFileSync12(classifierPath, "utf8"));
+  const cls = classifier.scenarios.find((s) => s.name === scenarioName);
+  if (!cls)
+    throw new Error(`scenario not found in classifier-input: "${scenarioName}"`);
+  const runDir = join11(paths.runsDir, runId);
+  const normalized = JSON.parse(readFileSync12(join11(runDir, "normalized.json"), "utf8"));
+  const normSc = normalized.scenarios.find((s) => s.name === scenarioName);
+  if (!normSc?.failure)
+    throw new Error(`no failure recorded for scenario "${scenarioName}"`);
+  const errorMessage = normSc.failure.errorMessage ?? "";
+  const m = LOCATOR_LINE_RE.exec(errorMessage);
+  if (!m)
+    throw new Error(`cannot extract locator from errorMessage: ${errorMessage.slice(0, 80)}`);
+  const raw = m[1].trim();
+  const kind = classifyKind(raw);
+  const pomLoc = findPomLine(paths.ticketDir, raw);
+  const featureText = readFileSync12(paths.featurePath, "utf8");
+  const gherkinStep = findGherkinStep(featureText, raw);
+  const domSnapshotAtFailure = extractDomSnapshot(join11(runDir, "trace.zip"));
+  return {
+    ticket,
+    runId,
+    scenarioName,
+    failedLocator: { raw, kind, ...pomLoc },
+    gherkinStep,
+    domSnapshotAtFailure
+  };
+}
+async function healPrepareCmd(argv) {
+  const [ticket, runId, ...scenarioParts] = argv;
+  if (!ticket || !runId || scenarioParts.length === 0) {
+    console.error("[xera:heal-prepare] usage: heal-prepare <TICKET> <RUN_ID> <SCENARIO_NAME>");
+    return 1;
+  }
+  const scenarioName = scenarioParts.join(" ");
+  try {
+    const result = healPrepare(process.cwd(), ticket, runId, scenarioName);
+    const paths = resolveArtifactPaths(process.cwd(), ticket);
+    const outPath = join11(paths.runsDir, runId, "heal-input.json");
+    writeFileSync9(outPath, JSON.stringify(result, null, 2));
+    console.log(`[xera:heal-prepare] wrote ${outPath}`);
+    return 0;
+  } catch (err2) {
+    console.error(`[xera:heal-prepare] ${err2.message}`);
+    return 1;
+  }
+}
+
+// src/bin-internal/lint.ts
+import { lintTicket } from "@xera-ai/web";
+async function lintCmd(argv) {
+  const ticket = argv[0];
+  if (!ticket) {
+    console.error("[xera:lint] usage: lint <TICKET>");
+    return 1;
+  }
+  const paths = resolveArtifactPaths(process.cwd(), ticket);
+  const r = await lintTicket(paths.ticketDir);
+  if (r.ok) {
+    console.log("[xera:lint] ok");
+    return 0;
+  }
+  for (const w of r.warnings)
+    console.error(`[xera:lint] ${w.file}:${w.line} [${w.rule}] ${w.message}`);
+  return 2;
 }
 
 // src/bin-internal/normalize.ts
+import { existsSync as existsSync15, readdirSync as readdirSync4 } from "fs";
+import { join as join12 } from "path";
 import { normalizeRun } from "@xera-ai/web";
-import { readdirSync, existsSync as existsSync10 } from "fs";
-import { join as join6 } from "path";
 async function normalizeCmd(argv) {
   const ticket = argv[0];
   if (!ticket) {
@@ -702,13 +1967,13 @@ async function normalizeCmd(argv) {
   }
   const paths = resolveArtifactPaths(process.cwd(), ticket);
   const runArg = argv.find((a) => a.startsWith("--run="));
-  const runId = runArg ? runArg.split("=")[1] : readdirSync(paths.runsDir).filter((n) => !n.startsWith(".")).sort().pop();
+  const runId = runArg ? runArg.split("=")[1] : readdirSync4(paths.runsDir).filter((n) => !n.startsWith(".")).sort().pop();
   if (!runId) {
     console.error("[xera:normalize] no run found");
     return 1;
   }
-  const runDir = join6(paths.runsDir, runId);
-  if (!existsSync10(runDir)) {
+  const runDir = join12(paths.runsDir, runId);
+  if (!existsSync15(runDir)) {
     console.error(`[xera:normalize] runs/${runId} missing`);
     return 1;
   }
@@ -717,77 +1982,46 @@ async function normalizeCmd(argv) {
   return 0;
 }
 
-// src/bin-internal/report.ts
-import { readFileSync as readFileSync9, writeFileSync as writeFileSync7 } from "fs";
-import { join as join7 } from "path";
-
-// src/classifier/aggregate.ts
-var CLASS_PRIORITY = [
-  "REAL_BUG",
-  "TEST_BUG",
-  "SELECTOR_DRIFT",
-  "FLAKY",
-  "PASS"
-];
-var CONF_RANK = { low: 1, medium: 2, high: 3 };
-function aggregateScenarios(scenarios) {
-  if (scenarios.length === 0) {
-    return { overall: "PASS", overallConfidence: "low", scenarios: [] };
-  }
-  if (scenarios.every((s) => s.outcome === "PASS")) {
-    return { overall: "PASS", overallConfidence: "high", scenarios };
-  }
-  let chosen = "PASS";
-  for (const cls of CLASS_PRIORITY) {
-    if (scenarios.some((s) => s.class === cls)) {
-      chosen = cls;
-      break;
-    }
-  }
-  const matching = scenarios.filter((s) => s.class === chosen);
-  const minConf = matching.reduce((acc, s) => CONF_RANK[s.confidence] < CONF_RANK[acc] ? s.confidence : acc, "high");
-  return { overall: chosen, overallConfidence: minConf, scenarios };
-}
-
-// src/reporter/status-writer.ts
-import { existsSync as existsSync12 } from "fs";
+// src/bin-internal/post.ts
+import { existsSync as existsSync17, readFileSync as readFileSync14 } from "fs";
+import { join as join13 } from "path";
 
 // src/artifact/status.ts
-import { existsSync as existsSync11, readFileSync as readFileSync8, writeFileSync as writeFileSync6, mkdirSync as mkdirSync8 } from "fs";
+import { existsSync as existsSync16, mkdirSync as mkdirSync9, readFileSync as readFileSync13, writeFileSync as writeFileSync10 } from "fs";
 import { dirname as dirname5 } from "path";
-import { z as z4 } from "zod";
-var ClassificationEnum = z4.enum(["PASS", "REAL_BUG", "SELECTOR_DRIFT", "FLAKY", "TEST_BUG"]);
-var ResultEnum = z4.enum(["PASS", "FAIL"]);
-var ConfidenceEnum = z4.enum(["low", "medium", "high"]);
-var HistoryEntrySchema = z4.object({
-  ts: z4.string(),
+import { z as z5 } from "zod";
+var ClassificationEnum = z5.enum(["PASS", "REAL_BUG", "SELECTOR_DRIFT", "FLAKY", "TEST_BUG"]);
+var ResultEnum = z5.enum(["PASS", "FAIL"]);
+var ConfidenceEnum = z5.enum(["low", "medium", "high"]);
+var HistoryEntrySchema = z5.object({
+  ts: z5.string(),
   result: ResultEnum,
   class: ClassificationEnum
 });
-var StatusJsonSchema = z4.object({
-  ticket: z4.string(),
-  lastRun: z4.string(),
+var StatusJsonSchema = z5.object({
+  ticket: z5.string(),
+  lastRun: z5.string(),
   result: ResultEnum,
   classification: ClassificationEnum,
   confidence: ConfidenceEnum,
-  scenarios: z4.object({
-    total: z4.number().int().nonnegative(),
-    passed: z4.number().int().nonnegative(),
-    failed: z4.number().int().nonnegative(),
-    skipped: z4.number().int().nonnegative()
+  scenarios: z5.object({
+    total: z5.number().int().nonnegative(),
+    passed: z5.number().int().nonnegative(),
+    failed: z5.number().int().nonnegative(),
+    skipped: z5.number().int().nonnegative()
   }),
-  history: z4.array(HistoryEntrySchema).default([]),
-  last_jira_comment_id: z4.string().optional()
+  history: z5.array(HistoryEntrySchema).default([]),
+  last_jira_comment_id: z5.string().optional()
 });
 var HISTORY_CAP = 20;
 function readStatus(path) {
-  if (!existsSync11(path))
+  if (!existsSync16(path))
     return null;
-  return StatusJsonSchema.parse(JSON.parse(readFileSync8(path, "utf8")));
+  return StatusJsonSchema.parse(JSON.parse(readFileSync13(path, "utf8")));
 }
 function writeStatus(path, status) {
-  mkdirSync8(dirname5(path), { recursive: true });
-  writeFileSync6(path, JSON.stringify(status, null, 2));
+  mkdirSync9(dirname5(path), { recursive: true });
+  writeFileSync10(path, JSON.stringify(status, null, 2));
 }
 function appendHistory(path, entry) {
   const s = readStatus(path);
@@ -799,32 +2033,82 @@ function appendHistory(path, entry) {
   return s;
 }
 
-// src/reporter/status-writer.ts
-function writeStatusFromClassification(path, input) {
-  const result = input.classification.overall === "PASS" ? "PASS" : "FAIL";
-  const entry = { ts: input.runTs, result, class: input.classification.overall };
-  if (!existsSync12(path)) {
-    writeStatus(path, {
-      ticket: input.ticket,
-      lastRun: input.runTs,
-      result,
-      classification: input.classification.overall,
-      confidence: input.classification.overallConfidence,
-      scenarios: input.scenarioCounts,
-      history: [entry]
-    });
-    return;
+// src/bin-internal/post.ts
+async function postCmd(argv) {
+  const ticket = argv[0];
+  if (!ticket) {
+    console.error("[xera:post] usage: post <TICKET>");
+    return 1;
   }
-  const cur = readStatus(path);
-  writeStatus(path, {
-    ...cur,
-    lastRun: input.runTs,
-    result,
-    classification: input.classification.overall,
-    confidence: input.classification.overallConfidence,
-    scenarios: input.scenarioCounts
+  const cwd = process.cwd();
+  const config = await loadConfig(cwd);
+  if (!config.reporting.postToJira) {
+    console.log("[xera:post] postToJira disabled in config; skipping");
+    return 0;
+  }
+  const paths = resolveArtifactPaths(cwd, ticket);
+  const draftPath = join13(paths.ticketDir, "jira-comment.draft.md");
+  if (!existsSync17(draftPath)) {
+    console.error(`[xera:post] no draft at ${draftPath}; run \`xera-internal report\` first.`);
+    return 1;
+  }
+  const body = readFileSync14(draftPath, "utf8");
+  const client = await createJiraClient({
+    baseUrl: config.jira.baseUrl,
+    preferMcp: true,
+    ...process.env.JIRA_EMAIL && process.env.JIRA_API_TOKEN ? { rest: { email: process.env.JIRA_EMAIL, apiToken: process.env.JIRA_API_TOKEN } } : {}
   });
-  appendHistory(path, entry);
+  const r = await client.postComment(ticket, body);
+  console.log(`[xera:post] posted comment id=${r.id}`);
+  const s = readStatus(paths.statusPath);
+  if (s)
+    writeStatus(paths.statusPath, { ...s, last_jira_comment_id: r.id });
+  return 0;
+}
+
+// src/bin-internal/promote.ts
+import { promotePom } from "@xera-ai/web";
+async function promoteCmd(argv) {
+  const [ticket, className] = argv;
+  if (!ticket || !className) {
+    console.error("[xera:promote] usage: promote <TICKET> <PomClassName>");
+    return 1;
+  }
+  await promotePom({ repoRoot: process.cwd(), ticket, className });
+  console.log(`[xera:promote] moved ${className} \u2192 shared/page-objects/`);
+  return 0;
+}
+
+// src/bin-internal/report.ts
+import { readFileSync as readFileSync15, writeFileSync as writeFileSync11 } from "fs";
+import { join as join14 } from "path";
+
+// src/classifier/aggregate.ts
+var CLASS_PRIORITY = [
+  "REAL_BUG",
+  "TEST_BUG",
+  "SELECTOR_DRIFT",
+  "FLAKY",
+  "PASS"
+];
+var CONF_RANK = { low: 1, medium: 2, high: 3 };
+function aggregateScenarios(scenarios) {
+  if (scenarios.length === 0) {
+    return { overall: "PASS", overallConfidence: "low", scenarios: [] };
+  }
+  if (scenarios.every((s) => s.outcome === "PASS")) {
+    return { overall: "PASS", overallConfidence: "high", scenarios };
+  }
+  let chosen = "PASS";
+  for (const cls of CLASS_PRIORITY) {
+    if (scenarios.some((s) => s.class === cls)) {
+      chosen = cls;
+      break;
+    }
+  }
+  const matching = scenarios.filter((s) => s.class === chosen);
+  const minConf = matching.reduce((acc, s) => CONF_RANK[s.confidence] < CONF_RANK[acc] ? s.confidence : acc, "high");
+  return { overall: chosen, overallConfidence: minConf, scenarios };
 }
 
 // src/reporter/jira-comment.ts
@@ -856,6 +2140,35 @@ xera v${input.xeraVersion} \u2022 prompts v${input.promptsVersion}`;
 `);
 }
 
+// src/reporter/status-writer.ts
+import { existsSync as existsSync18 } from "fs";
+function writeStatusFromClassification(path, input) {
+  const result = input.classification.overall === "PASS" ? "PASS" : "FAIL";
+  const entry = { ts: input.runTs, result, class: input.classification.overall };
+  if (!existsSync18(path)) {
+    writeStatus(path, {
+      ticket: input.ticket,
+      lastRun: input.runTs,
+      result,
+      classification: input.classification.overall,
+      confidence: input.classification.overallConfidence,
+      scenarios: input.scenarioCounts,
+      history: [entry]
+    });
+    return;
+  }
+  const cur = readStatus(path);
+  writeStatus(path, {
+    ...cur,
+    lastRun: input.runTs,
+    result,
+    classification: input.classification.overall,
+    confidence: input.classification.overallConfidence,
+    scenarios: input.scenarioCounts
+  });
+  appendHistory(path, entry);
+}
+
 // src/bin-internal/report.ts
 async function reportCmd(argv) {
   const ticket = argv[0];
@@ -865,7 +2178,7 @@ async function reportCmd(argv) {
     return 1;
   }
   const paths = resolveArtifactPaths(process.cwd(), ticket);
-  const input = JSON.parse(readFileSync9(inputArg.slice("--input=".length), "utf8"));
+  const input = JSON.parse(readFileSync15(inputArg.slice("--input=".length), "utf8"));
   const aggregated = aggregateScenarios(input.scenarios);
   const ts = new Date().toISOString();
   writeStatusFromClassification(paths.statusPath, {
@@ -883,47 +2196,12 @@ async function reportCmd(argv) {
     xeraVersion: "0.1.0",
     promptsVersion: "1.0.0"
   });
-  const draftPath = join7(paths.ticketDir, "jira-comment.draft.md");
-  writeFileSync7(draftPath, md);
+  const draftPath = join14(paths.ticketDir, "jira-comment.draft.md");
+  writeFileSync11(draftPath, md);
   console.log(`[xera:report] wrote status.json and ${draftPath}`);
   return 0;
 }
 
-// src/bin-internal/post.ts
-import { readFileSync as readFileSync10, existsSync as existsSync13 } from "fs";
-import { join as join8 } from "path";
-async function postCmd(argv) {
-  const ticket = argv[0];
-  if (!ticket) {
-    console.error("[xera:post] usage: post <TICKET>");
-    return 1;
-  }
-  const cwd = process.cwd();
-  const config = await loadConfig(cwd);
-  if (!config.reporting.postToJira) {
-    console.log("[xera:post] postToJira disabled in config; skipping");
-    return 0;
-  }
-  const paths = resolveArtifactPaths(cwd, ticket);
-  const draftPath = join8(paths.ticketDir, "jira-comment.draft.md");
-  if (!existsSync13(draftPath)) {
-    console.error(`[xera:post] no draft at ${draftPath}; run \`xera-internal report\` first.`);
-    return 1;
-  }
-  const body = readFileSync10(draftPath, "utf8");
-  const client = await createJiraClient({
-    baseUrl: config.jira.baseUrl,
-    preferMcp: true,
-    ...process.env.JIRA_EMAIL && process.env.JIRA_API_TOKEN ? { rest: { email: process.env.JIRA_EMAIL, apiToken: process.env.JIRA_API_TOKEN } } : {}
-  });
-  const r = await client.postComment(ticket, body);
-  console.log(`[xera:post] posted comment id=${r.id}`);
-  const s = readStatus(paths.statusPath);
-  if (s)
-    writeStatus(paths.statusPath, { ...s, last_jira_comment_id: r.id });
-  return 0;
-}
-
 // src/bin-internal/status-cmd.ts
 async function statusCmd(argv) {
   const ticket = argv[0];
@@ -943,6 +2221,25 @@ async function statusCmd(argv) {
   return 0;
 }
 
+// src/bin-internal/typecheck.ts
+import { typecheckTicket } from "@xera-ai/web";
+async function typecheckCmd(argv) {
+  const ticket = argv[0];
+  if (!ticket) {
+    console.error("[xera:typecheck] usage: typecheck <TICKET>");
+    return 1;
+  }
+  const paths = resolveArtifactPaths(process.cwd(), ticket);
+  const r = await typecheckTicket(paths.ticketDir);
+  if (r.ok) {
+    console.log("[xera:typecheck] ok");
+    return 0;
+  }
+  for (const e of r.errors)
+    console.error(`[xera:typecheck] ${e}`);
+  return 2;
+}
+
 // src/bin-internal/unlock.ts
 async function unlockCmd(argv) {
   const ticket = argv[0];
@@ -966,32 +2263,49 @@ async function unlockCmd(argv) {
   return 0;
 }
 
-// src/bin-internal/promote.ts
-import { promotePom } from "@xera-ai/web";
-async function promoteCmd(argv) {
-  const [ticket, className] = argv;
-  if (!ticket || !className) {
-    console.error("[xera:promote] usage: promote <TICKET> <PomClassName>");
+// src/bin-internal/validate-feature.ts
+import { existsSync as existsSync19, readFileSync as readFileSync16 } from "fs";
+import { validateGherkin as validateGherkin2 } from "@xera-ai/web";
+async function validateFeatureCmd(argv) {
+  const ticket = argv[0];
+  if (!ticket) {
+    console.error("[xera:validate-feature] usage: validate-feature <TICKET>");
     return 1;
   }
-  await promotePom({ repoRoot: process.cwd(), ticket, className });
-  console.log(`[xera:promote] moved ${className} \u2192 shared/page-objects/`);
-  return 0;
+  const paths = resolveArtifactPaths(process.cwd(), ticket);
+  if (!existsSync19(paths.featurePath)) {
+    console.error(`[xera:validate-feature] missing ${paths.featurePath}`);
+    return 1;
+  }
+  const r = validateGherkin2(readFileSync16(paths.featurePath, "utf8"));
+  if (r.ok) {
+    console.log("[xera:validate-feature] ok");
+    return 0;
+  }
+  for (const e of r.errors)
+    console.error(`[xera:validate-feature] line ${e.line}: ${e.message}`);
+  return 2;
 }
 
 // src/bin-internal/index.ts
 var COMMANDS = {
+  doctor: doctorCmd,
+  "eval-deterministic": evalDeterministicCmd,
+  "eval-prepare": evalPrepareCmd,
+  "eval-report": evalReportCmd,
+  exec: execCmd,
   fetch: fetchCmd,
-  "validate-feature": validateFeatureCmd,
-  typecheck: typecheckCmd,
+  "heal-prepare": healPrepareCmd,
   lint: lintCmd,
-  exec: execCmd,
   normalize: normalizeCmd,
-  report: reportCmd,
   post: postCmd,
+  promote: promoteCmd,
+  report: reportCmd,
   status: statusCmd,
+  typecheck: typecheckCmd,
   unlock: unlockCmd,
-  promote: promoteCmd
+  "validate-feature": validateFeatureCmd,
+  "verify-prompts": verifyPromptsCmd
 };
 async function run(argv) {
   const [cmd, ...rest] = argv;
@@ -1002,8 +2316,8 @@ Commands: ${Object.keys(COMMANDS).join(", ")}`);
   }
   try {
     return await COMMANDS[cmd](rest);
-  } catch (err) {
-    console.error(`[xera:${cmd}] failed: ${err.message}`);
+  } catch (err2) {
+    console.error(`[xera:${cmd}] failed: ${err2.message}`);
     return 4;
   }
 }