npm - avorelo - Versions diffs - 0.1.0 → 0.2.0 - Mend

avorelo 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (260) hide show

package/LICENSE +23 -16
package/README.md +91 -51
package/bin/avorelo.mjs +7 -0
package/dist/avorelo.mjs +14337 -0
package/package.json +106 -120
package/bin/avorelo +0 -9
package/scripts/README.md +0 -40
package/scripts/cco-dashboard.js +0 -252
package/scripts/cco-status.js +0 -430
package/scripts/lib/activation/account-state.js +0 -37
package/scripts/lib/activation/activation-runner.js +0 -546
package/scripts/lib/activation/activation-self-healing.js +0 -480
package/scripts/lib/activation/activation-state.js +0 -83
package/scripts/lib/activation/activation-summary.js +0 -191
package/scripts/lib/activation/adapters/claude-code.js +0 -77
package/scripts/lib/activation/adapters/codex-cli.js +0 -52
package/scripts/lib/activation/adapters/cursor.js +0 -37
package/scripts/lib/activation/adapters/github-agent.js +0 -39
package/scripts/lib/activation/adapters/terminal.js +0 -42
package/scripts/lib/activation/adapters/vscode.js +0 -39
package/scripts/lib/activation/adapters/windsurf.js +0 -37
package/scripts/lib/activation/ai-surface-detector.js +0 -151
package/scripts/lib/activation/connect-account.js +0 -145
package/scripts/lib/activation/detect-environment.js +0 -75
package/scripts/lib/activation/detect-hosts.js +0 -62
package/scripts/lib/activation/format-activation-output.js +0 -109
package/scripts/lib/activation/next-action.js +0 -43
package/scripts/lib/activation/repair-engine.js +0 -219
package/scripts/lib/activation-distribution-readiness.js +0 -507
package/scripts/lib/adapter-conformance.js +0 -176
package/scripts/lib/adapter-readiness.js +0 -417
package/scripts/lib/adapter-safety-boundaries.js +0 -335
package/scripts/lib/adapter-technical-readiness-gate.js +0 -205
package/scripts/lib/agent-access-governance.js +0 -455
package/scripts/lib/agent-enforcement.js +0 -765
package/scripts/lib/agent-policy-profile.js +0 -210
package/scripts/lib/agent-security/action-evaluator.js +0 -507
package/scripts/lib/agent-security/adapter-registry.js +0 -98
package/scripts/lib/agent-security/auto-policy.js +0 -139
package/scripts/lib/agent-security/bounded-scan.js +0 -93
package/scripts/lib/agent-security/enforcement-adapter.js +0 -174
package/scripts/lib/agent-security/enforcement-engine.js +0 -1129
package/scripts/lib/agent-security/file-write-adapter.js +0 -183
package/scripts/lib/agent-security/file-write-rules.js +0 -178
package/scripts/lib/agent-security/index.js +0 -3342
package/scripts/lib/agent-security/instruction-risk.js +0 -181
package/scripts/lib/agent-security/mcp-action-adapter.js +0 -185
package/scripts/lib/agent-security/mcp-action-rules.js +0 -184
package/scripts/lib/agent-security/package-action-adapter.js +0 -175
package/scripts/lib/agent-security/package-action-rules.js +0 -233
package/scripts/lib/agent-security/performance.js +0 -148
package/scripts/lib/agent-security/permission-minimizer.js +0 -403
package/scripts/lib/agent-security/scan-cache.js +0 -74
package/scripts/lib/agent-security/source-trust.js +0 -146
package/scripts/lib/ai-install-prompt.js +0 -288
package/scripts/lib/ai-workspace-hygiene.js +0 -1499
package/scripts/lib/alpha-activation.js +0 -520
package/scripts/lib/alpha-feedback.js +0 -263
package/scripts/lib/alpha-readiness-gate.js +0 -332
package/scripts/lib/anti-gaming.js +0 -169
package/scripts/lib/artifact-health.js +0 -431
package/scripts/lib/attribution.js +0 -180
package/scripts/lib/audit.js +0 -289
package/scripts/lib/avorelo-skill-registry.js +0 -810
package/scripts/lib/batch-jobs.js +0 -71
package/scripts/lib/brain-pack.js +0 -578
package/scripts/lib/brand-boundary.js +0 -424
package/scripts/lib/brand.js +0 -74
package/scripts/lib/browser-capability.js +0 -1048
package/scripts/lib/browser-proof-preflight.js +0 -321
package/scripts/lib/cache-readiness.js +0 -187
package/scripts/lib/canonical-reentry.js +0 -162
package/scripts/lib/capability-packs.js +0 -314
package/scripts/lib/capability-recommender.js +0 -512
package/scripts/lib/capability-registry.js +0 -1059
package/scripts/lib/carry-forward-surfacing.js +0 -194
package/scripts/lib/ccusage-adapter.js +0 -188
package/scripts/lib/company-loop.js +0 -1149
package/scripts/lib/config.js +0 -637
package/scripts/lib/context-acquisition-plan.js +0 -287
package/scripts/lib/context-budget-guard.js +0 -170
package/scripts/lib/context-budget-scanner.js +0 -257
package/scripts/lib/context-optimizer.js +0 -715
package/scripts/lib/context-reduction-plan.js +0 -178
package/scripts/lib/context-safety.js +0 -88
package/scripts/lib/context-savings-engine.js +0 -158
package/scripts/lib/cost-evidence.js +0 -254
package/scripts/lib/cross-host-install-plan.js +0 -308
package/scripts/lib/cross-host-install-readiness.js +0 -237
package/scripts/lib/cross-host-value-flow.js +0 -268
package/scripts/lib/dashboard.js +0 -900
package/scripts/lib/design-partner-feedback.js +0 -346
package/scripts/lib/entitlements.js +0 -100
package/scripts/lib/execution-packet.js +0 -559
package/scripts/lib/experimentation-events.js +0 -547
package/scripts/lib/external-capability-compliance.js +0 -107
package/scripts/lib/external-user-simulation.js +0 -166
package/scripts/lib/failure-recovery-readiness.js +0 -81
package/scripts/lib/failure-recovery.js +0 -419
package/scripts/lib/feedback-intelligence.js +0 -537
package/scripts/lib/feedback-signals.js +0 -205
package/scripts/lib/file-integrity.js +0 -68
package/scripts/lib/fsx.js +0 -127
package/scripts/lib/full-readiness-gate.js +0 -451
package/scripts/lib/guidance-builder.js +0 -174
package/scripts/lib/hook-apply.js +0 -1019
package/scripts/lib/hook-baseline.js +0 -310
package/scripts/lib/hook-config-preview.js +0 -275
package/scripts/lib/hook-contracts.js +0 -290
package/scripts/lib/hook-safety-boundary-readiness.js +0 -80
package/scripts/lib/host-capability-matrix.js +0 -351
package/scripts/lib/host-support-context.js +0 -254
package/scripts/lib/http-hook-action.js +0 -538
package/scripts/lib/install-ai-readiness.js +0 -84
package/scripts/lib/install-intake-risk.js +0 -1037
package/scripts/lib/install-journey-intelligence.js +0 -329
package/scripts/lib/intervention-guidance.js +0 -57
package/scripts/lib/known-limitations.js +0 -115
package/scripts/lib/l8-path-truth.js +0 -146
package/scripts/lib/launch-hardening-gate.js +0 -436
package/scripts/lib/launch-readiness.js +0 -628
package/scripts/lib/learning-memory.js +0 -686
package/scripts/lib/lifecycle-hooks.js +0 -802
package/scripts/lib/local-package-smoke.js +0 -423
package/scripts/lib/local-pricing.js +0 -299
package/scripts/lib/mcp-enforcement.js +0 -311
package/scripts/lib/mcp-least-privilege-policy.js +0 -303
package/scripts/lib/mcp-tool-inventory.js +0 -388
package/scripts/lib/mcp-tool-risk.js +0 -0
package/scripts/lib/memory.js +0 -335
package/scripts/lib/metrics.js +0 -699
package/scripts/lib/micro-proof.js +0 -133
package/scripts/lib/next-run-context.js +0 -436
package/scripts/lib/operating-value.js +0 -1648
package/scripts/lib/optimization-v3.js +0 -122
package/scripts/lib/orchestration/adapters/_shared.js +0 -49
package/scripts/lib/orchestration/adapters/aider.js +0 -18
package/scripts/lib/orchestration/adapters/claude-code.js +0 -35
package/scripts/lib/orchestration/adapters/codex.js +0 -35
package/scripts/lib/orchestration/adapters/gemini-cli.js +0 -18
package/scripts/lib/orchestration/adapters/git.js +0 -25
package/scripts/lib/orchestration/adapters/index.js +0 -31
package/scripts/lib/orchestration/adapters/lm-studio.js +0 -18
package/scripts/lib/orchestration/adapters/ollama.js +0 -18
package/scripts/lib/orchestration/adapters/opencode.js +0 -18
package/scripts/lib/orchestration/adapters/openrouter.js +0 -18
package/scripts/lib/orchestration/adapters/test-runner.js +0 -25
package/scripts/lib/orchestration/cli.js +0 -438
package/scripts/lib/orchestration/execution-manager.js +0 -279
package/scripts/lib/orchestration/handoff.js +0 -314
package/scripts/lib/orchestration/index.js +0 -456
package/scripts/lib/orchestration/inventory.js +0 -47
package/scripts/lib/orchestration/model-discovery.js +0 -498
package/scripts/lib/orchestration/model-profiler.js +0 -170
package/scripts/lib/orchestration/model-profiles.js +0 -252
package/scripts/lib/orchestration/model-refresh-policy.js +0 -72
package/scripts/lib/orchestration/proof-writer.js +0 -349
package/scripts/lib/orchestration/provider-discovery/aider.js +0 -49
package/scripts/lib/orchestration/provider-discovery/claude-code.js +0 -56
package/scripts/lib/orchestration/provider-discovery/codex.js +0 -49
package/scripts/lib/orchestration/provider-discovery/common.js +0 -186
package/scripts/lib/orchestration/provider-discovery/gemini.js +0 -106
package/scripts/lib/orchestration/provider-discovery/lm-studio.js +0 -118
package/scripts/lib/orchestration/provider-discovery/models-dev.js +0 -12
package/scripts/lib/orchestration/provider-discovery/ollama.js +0 -100
package/scripts/lib/orchestration/provider-discovery/opencode.js +0 -47
package/scripts/lib/orchestration/provider-discovery/openrouter.js +0 -44
package/scripts/lib/orchestration/risk-classifier.js +0 -130
package/scripts/lib/orchestration/routing-policy.js +0 -486
package/scripts/lib/orchestration/settings.js +0 -112
package/scripts/lib/orchestration/state.js +0 -165
package/scripts/lib/orchestration/verification-manager.js +0 -138
package/scripts/lib/output-profiles.js +0 -146
package/scripts/lib/package-content-audit.js +0 -368
package/scripts/lib/package-runtime.js +0 -278
package/scripts/lib/plan-surface.js +0 -53
package/scripts/lib/plans.js +0 -2318
package/scripts/lib/policy-provider.js +0 -27
package/scripts/lib/prelaunch-activation-readiness.js +0 -409
package/scripts/lib/prelaunch-evidence-store.js +0 -816
package/scripts/lib/prelaunch-intelligence.js +0 -869
package/scripts/lib/pricing-experiment.js +0 -118
package/scripts/lib/pro-moment-events.js +0 -77
package/scripts/lib/pro-moment-state.js +0 -227
package/scripts/lib/pro-moments.js +0 -1216
package/scripts/lib/product-learning-events.js +0 -629
package/scripts/lib/project-profile.js +0 -555
package/scripts/lib/prompt-compiler.js +0 -280
package/scripts/lib/prompt-lint.js +0 -32
package/scripts/lib/prompt-suggestions.js +0 -52
package/scripts/lib/proof-canonical.js +0 -398
package/scripts/lib/proof-drilldown.js +0 -383
package/scripts/lib/proof-events.js +0 -342
package/scripts/lib/proof-history.js +0 -243
package/scripts/lib/proof-metrics.js +0 -296
package/scripts/lib/proof-outcome-evidence.js +0 -134
package/scripts/lib/proof-receipt.js +0 -335
package/scripts/lib/proof-record.js +0 -461
package/scripts/lib/public-activation-distribution-gate.js +0 -258
package/scripts/lib/public-cli.js +0 -3891
package/scripts/lib/public-distribution-truth.js +0 -211
package/scripts/lib/public-install-claim-checker.js +0 -294
package/scripts/lib/publish-provenance-readiness.js +0 -283
package/scripts/lib/readiness-delta.js +0 -218
package/scripts/lib/readiness-evidence-closure.js +0 -196
package/scripts/lib/reentry-memory-capture.js +0 -241
package/scripts/lib/reentry-memory-retrieval.js +0 -302
package/scripts/lib/reentry-memory-status.js +0 -146
package/scripts/lib/reentry-memory-store.js +0 -178
package/scripts/lib/reentry-state.js +0 -66
package/scripts/lib/release-candidate-bundle.js +0 -166
package/scripts/lib/remediation.js +0 -81
package/scripts/lib/repo-map.js +0 -391
package/scripts/lib/run-improvements-lifecycle.js +0 -330
package/scripts/lib/run-improvements.js +0 -789
package/scripts/lib/runtime-decision-policy.js +0 -387
package/scripts/lib/safe-path-engine.js +0 -705
package/scripts/lib/safe-run-controller.js +0 -887
package/scripts/lib/score.js +0 -262
package/scripts/lib/seamless-enforcement.js +0 -329
package/scripts/lib/seamless-outcome.js +0 -689
package/scripts/lib/seamless-reality-gate.js +0 -5043
package/scripts/lib/security-risk-classifier.js +0 -511
package/scripts/lib/security-scan.js +0 -384
package/scripts/lib/session-context-optimizer.js +0 -1211
package/scripts/lib/session-timing.js +0 -315
package/scripts/lib/skill-hygiene.js +0 -805
package/scripts/lib/skill-packs.js +0 -161
package/scripts/lib/skills-operating-layer.js +0 -580
package/scripts/lib/smart-work-routing.js +0 -768
package/scripts/lib/source-catalog.js +0 -700
package/scripts/lib/status-value-summary.js +0 -32
package/scripts/lib/support-bundle.js +0 -578
package/scripts/lib/task-continuation.js +0 -440
package/scripts/lib/test-helpers.js +0 -15
package/scripts/lib/tier.js +0 -38
package/scripts/lib/token-context-quality-gate.js +0 -370
package/scripts/lib/token-cost-capture.js +0 -187
package/scripts/lib/token-cost-intelligence.js +0 -358
package/scripts/lib/token-efficiency-evidence.js +0 -213
package/scripts/lib/token-evidence.js +0 -699
package/scripts/lib/tokenish.js +0 -17
package/scripts/lib/tool-output-sandbox.js +0 -304
package/scripts/lib/trust-audit.js +0 -136
package/scripts/lib/unified-events.js +0 -396
package/scripts/lib/upgrade-interruption-recovery.js +0 -407
package/scripts/lib/usage-ledger.js +0 -201
package/scripts/lib/value-ledger.js +0 -130
package/scripts/lib/value-proof-calibration.js +0 -531
package/scripts/lib/visual-qa.js +0 -231
package/scripts/lib/voice-alpha.js +0 -29
package/scripts/lib/work-aware-orchestration.js +0 -976
package/scripts/lib/work-control-receipts.js +0 -577
package/scripts/lib/work-ledger.js +0 -1123
package/scripts/lib/work-panel-preview.js +0 -352
package/scripts/lib/workflow-discipline.js +0 -280
package/scripts/lib/workflow-signals.js +0 -419
package/scripts/lib/workspace-map.js +0 -281
package/scripts/lib/workspace-registry.js +0 -1367
package/scripts/lib/workspace-resolver.js +0 -480

package/scripts/lib/work-control-receipts.js DELETED Viewed

@@ -1,577 +0,0 @@
-"use strict";
-const crypto = require("crypto");
-const { ensureCcoDirs, nowIso, safeReadJson, safeWriteJson } = require("./fsx");
-const { appendProductLearningEvent } = require("./product-learning-events");
-const WORK_CONTROL_CONTRACT = "avorelo.workControlReceipt.v1";
-const WORK_CONTROL_SCHEMA_VERSION = 1;
-const LATEST_WC_RECEIPT_REL_PATH = ".claude/cco/orchestration/work-control/latest-receipt.json";
-const WC_HISTORY_DIR_REL_PATH = ".claude/cco/orchestration/work-control/history";
-const WC_EVENT_LOG_REL_PATH = ".claude/cco/events/work-control.jsonl";
-const SECRET_PATTERN = /(?:sk-[A-Za-z0-9_-]{16,}|ghp_[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16}|(?:api[_ -]?key|token|password|secret|authorization)\s*[:=]\s*\S+)/i;
-function unique(values) {
-  return [...new Set((values || []).filter(Boolean))];
-}
-function redactIfSecret(text) {
-  if (!text) return text;
-  const s = String(text);
-  return SECRET_PATTERN.test(s) ? "[REDACTED]" : s;
-}
-function createReceiptId() {
-  return `wc-${Date.now()}-${crypto.randomBytes(4).toString("hex")}`;
-}
-function readLatestWorkControlReceipt(cwd) {
-  return safeReadJson(cwd, LATEST_WC_RECEIPT_REL_PATH, null);
-}
-function computeFinalState(controls) {
-  const { guard, governance, safePath, installIntake } = controls;
-  const isBlocked =
-    guard?.decision === "block"
-    || governance?.decision === "block"
-    || safePath?.lastDecision === "block";
-  if (isBlocked) return "blocked";
-  const requiresApproval =
-    guard?.decision === "approval_required"
-    || governance?.decision === "approval_required"
-    || governance?.approvalBoundary === true
-    || safePath?.lastDecision === "approval_required"
-    || safePath?.approvalBoundary === true;
-  if (requiresApproval) return "approval_required";
-  const hasAttention =
-    (installIntake?.highRiskItems > 0)
-    || (installIntake?.unknownItems > 0)
-    || (governance?.subjectTrustStatus === "unknown")
-    || (guard?.riskLevel === "high" || guard?.riskLevel === "critical");
-  if (hasAttention) return "attention";
-  const hasEvidence =
-    guard?.evidencePath
-    || governance?.latestReceiptPath
-    || safePath?.latestReceiptPath
-    || installIntake?.latestReceiptPath;
-  return hasEvidence ? "ok" : "missing";
-}
-function computeNextSafestAction(controls, finalState) {
-  const { guard, governance, safePath, installIntake } = controls;
-  if (finalState === "blocked") {
-    return "Preserve the block — do not execute the destructive or blocked action.";
-  }
-  if (governance?.subjectTrustStatus === "unknown" || installIntake?.unknownItems > 0) {
-    return "Review unknown intake source or subject before proceeding.";
-  }
-  if (finalState === "approval_required") {
-    return safePath?.nextAction
-      || governance?.nextAction
-      || "Approve only the reduced scope before proceeding.";
-  }
-  if (finalState === "attention") {
-    return installIntake?.nextAction
-      || guard?.nextAction
-      || "Review high-risk intake items and confirm reduced scope.";
-  }
-  if (!guard?.evidencePath && !governance?.latestReceiptPath) {
-    return "Run `avorelo guard` on a risky action to generate the first control receipt.";
-  }
-  return "Continue with the smallest local scope. Re-run proof before next session.";
-}
-function buildDoNotRepeat(controls, proof) {
-  const items = [
-    "Do not rerun from scratch — use current proof/work-control receipt.",
-    "Do not trust unknown MCP server or package without running intake review first.",
-    "Do not paste huge status JSON into context — use `avorelo work-control --json` instead.",
-  ];
-  if (proof?.route?.selectedRoute?.includes("broad") || proof?.route?.safetyNotes?.some((n) => /broad/i.test(n))) {
-    items.push("Do not perform broad repo scan — route already recorded the relevant context.");
-  }
-  if (controls.installIntake?.unknownItems > 0) {
-    items.push("Do not execute tool or MCP call for unknown/unreviewed source.");
-  }
-  if (controls.safePath?.lastDecision === "recommend_reduced_scope") {
-    items.push("Do not use broad scope — safe path already recommended a reduced alternative.");
-  }
-  return unique(items);
-}
-function buildCarryForward(cwd, controls, proof, finalState, nextSafestAction) {
-  const items = {};
-  if (proof?.route?.selectedRoute) {
-    items.lastRoute = proof.route.selectedRoute;
-  }
-  if (proof?.task) {
-    items.lastTaskSummary = String(proof.task).slice(0, 200);
-  }
-  if (proof?.runId) {
-    items.lastRunId = proof.runId;
-  }
-  items.finalState = finalState;
-  items.nextSafestAction = nextSafestAction;
-  items.receiptPaths = [
-    controls.guard?.evidencePath ? `guard: ${controls.guard.evidencePath}` : null,
-    controls.governance?.latestReceiptPath ? `governance: ${controls.governance.latestReceiptPath}` : null,
-    controls.safePath?.latestReceiptPath ? `safe-path: ${controls.safePath.latestReceiptPath}` : null,
-    controls.installIntake?.latestReceiptPath ? `intake: ${controls.installIntake.latestReceiptPath}` : null,
-    controls.skills?.latestRouteReceiptPath ? `skills: ${controls.skills.latestRouteReceiptPath}` : null,
-  ].filter(Boolean);
-  const unchecked = [];
-  if (!controls.governance?.latestReceiptPath) unchecked.push("governance receipt missing");
-  if (!controls.safePath?.latestReceiptPath) unchecked.push("safe-path receipt missing");
-  if (!controls.skills?.latestRouteReceiptPath) unchecked.push("skills route receipt missing");
-  if (unchecked.length) items.uncheckedItems = unchecked;
-  items.restoreCommands = [
-    "node bin/avorelo work-control --json",
-    "node bin/avorelo proof",
-  ];
-  return items;
-}
-function buildWorkControlSummary(controls, finalState, nextSafestAction, doNotRepeat, carryForward) {
-  const { guard, governance, safePath, installIntake, skills } = controls;
-  const allowedCount = guard?.decision === "allow" ? 1 : 0;
-  const warnedCount = guard?.decision === "warn" ? 1 : 0;
-  const approvalRequiredCount = (guard?.decision === "approval_required" || finalState === "approval_required") ? 1 : 0;
-  const blockedCount = guard?.decision === "block" ? 1 : 0;
-  const reductionsRecommendedCount = safePath?.reductionsRecommended || 0;
-  const reviewedSourcesCount = skills?.reviewedSources || 0;
-  const unknownSourcesCount = skills?.deferredSources || 0;
-  const highRiskIntakeCount = installIntake?.highRiskItems || 0;
-  return {
-    allowedCount,
-    warnedCount,
-    approvalRequiredCount,
-    blockedCount,
-    reductionsRecommendedCount,
-    reviewedSourcesCount,
-    unknownSourcesCount,
-    highRiskIntakeCount,
-    finalState,
-    nextSafestAction,
-    doNotRepeat,
-    carryForward,
-  };
-}
-function buildWorkControlReceipt(cwd, options = {}) {
-  const { buildAgentAccessGovernanceSurface } = require("./agent-access-governance");
-  const { buildSafePathSurface } = require("./safe-path-engine");
-  const { buildInstallIntakeRiskSurface } = require("./install-intake-risk");
-  const { buildSkillsOperatingLayerSurface } = require("./skills-operating-layer");
-  let proof = null;
-  try {
-    const { readCurrentProof } = require("./orchestration");
-    proof = readCurrentProof(cwd);
-  } catch {}
-  const governanceSurface = buildAgentAccessGovernanceSurface(cwd);
-  const safePathSurface = buildSafePathSurface(cwd);
-  const intakeSurface = buildInstallIntakeRiskSurface(cwd);
-  const skillsSurface = buildSkillsOperatingLayerSurface(cwd);
-  const rawTask = (options.task || proof?.task || "");
-  const taskText = redactIfSecret(rawTask) || "";
-  const taskSection = {
-    text: taskText.slice(0, 400),
-    type: proof?.route?.task?.taskType || options.taskType || "unknown",
-    risk: proof?.route?.task?.risk || options.taskRisk || "unknown",
-    sensitivity: proof?.route?.task?.sensitivity || options.taskSensitivity || "unknown",
-    surface: proof?.surface || options.surface || "avorelo_cli",
-  };
-  const routeSection = proof?.route
-    ? {
-        selectedRoute: proof.route.selectedRoute || null,
-        chosenTool: proof.route.chosenTool || null,
-        selectedModel: proof.route.selectedModel || null,
-        chosenModelProfile: proof.route.chosenModelProfile || null,
-        fallbackTool: proof.route.fallbackTool || null,
-        safetyNotes: (proof.route.safetyNotes || []).slice(0, 5),
-        whyChosen: (proof.route.whyChosen || []).slice(0, 3),
-        whyNotChosen: (proof.route.whyNotChosen || []).slice(0, 3),
-      }
-    : {
-        selectedRoute: null,
-        chosenTool: null,
-        selectedModel: null,
-        chosenModelProfile: null,
-        fallbackTool: null,
-        safetyNotes: [],
-        whyChosen: [],
-        whyNotChosen: [],
-      };
-  const latestGovernanceReceipt = governanceSurface.latestReceipt;
-  const latestSafePathReceipt = safePathSurface.latestReceipt;
-  const guardSection = latestGovernanceReceipt
-    ? {
-        decision: latestGovernanceReceipt.decision || "unknown",
-        riskLevel: latestGovernanceReceipt.severity || "unknown",
-        reasonCodes: (latestGovernanceReceipt.reasonCodes || []).slice(0, 5),
-        matchedRules: [],
-        evidencePath: governanceSurface.latestReceiptPath || null,
-        nextAction: null,
-      }
-    : {
-        decision: "missing",
-        riskLevel: "unknown",
-        reasonCodes: [],
-        matchedRules: [],
-        evidencePath: null,
-        nextAction: "Run `avorelo guard` to generate the first governance receipt.",
-      };
-  const governanceSection = {
-    status: governanceSurface.status,
-    latestReceiptPath: governanceSurface.latestReceiptPath,
-    decision: latestGovernanceReceipt?.decision || "missing",
-    subjectType: latestGovernanceReceipt?.subjectSummary?.type || null,
-    subjectTrustStatus: latestGovernanceReceipt?.subjectSummary?.trustStatus || null,
-    requestedActionType: latestGovernanceReceipt?.requestedActionSummary?.type || null,
-    scopeSummary: latestGovernanceReceipt?.scopeSummary || null,
-    approvalBoundary: latestGovernanceReceipt?.approvalBoundary?.required === true,
-    nextAction: governanceSurface.nextAction,
-  };
-  const safePathSection = {
-    status: safePathSurface.status,
-    latestReceiptPath: safePathSurface.latestReceiptPath,
-    lastDecision: safePathSurface.lastDecision,
-    recommendedBoundary: latestSafePathReceipt?.recommendedBoundary || null,
-    reductionSummary: latestSafePathReceipt?.reductionSummary || null,
-    approvalBoundary: latestSafePathReceipt?.approvalBoundary?.required === true,
-    nextAction: safePathSurface.nextAction,
-    reductionsRecommended: safePathSurface.reductionsRecommended,
-  };
-  const intakeSection = {
-    status: intakeSurface.status,
-    latestReceiptPath: intakeSurface.latestReceiptPath,
-    totalItems: intakeSurface.totalItems,
-    unknownItems: intakeSurface.unknownItems,
-    highRiskItems: intakeSurface.highRiskItems,
-    topReasonCodes: (intakeSurface.topReasonCodes || []).slice(0, 5),
-    nextAction: intakeSurface.nextAction,
-  };
-  const skillsSection = {
-    status: skillsSurface.status,
-    primarySkill: null,
-    reviewedSources: skillsSurface.reviewedSources,
-    deferredSources: skillsSurface.deferredSources,
-    latestRouteReceiptPath: skillsSurface.latestSkillRouteReceiptPath || null,
-    evidenceRequirements: [],
-  };
-  const controls = {
-    guard: guardSection,
-    governance: governanceSection,
-    safePath: safePathSection,
-    installIntake: intakeSection,
-    skills: skillsSection,
-  };
-  const verification = {
-    status: proof?.verification?.status || "missing",
-    commandsRun: [],
-    passed: [],
-    failed: [],
-    notChecked: [
-      !governanceSurface.latestReceiptPath && "governance receipt",
-      !safePathSurface.latestReceiptPath && "safe-path receipt",
-      !skillsSurface.latestSkillRouteReceiptPath && "skills route receipt",
-    ].filter(Boolean),
-    proofPath: proof ? ".claude/cco/orchestration/current-proof.json" : null,
-  };
-  const finalState = computeFinalState(controls);
-  const nextSafestAction = computeNextSafestAction(controls, finalState);
-  const doNotRepeat = buildDoNotRepeat(controls, proof);
-  const carryForward = buildCarryForward(cwd, controls, proof, finalState, nextSafestAction);
-  const workControl = buildWorkControlSummary(controls, finalState, nextSafestAction, doNotRepeat, carryForward);
-  const allReceiptPaths = [
-    governanceSurface.latestReceiptPath,
-    safePathSurface.latestReceiptPath,
-    intakeSurface.latestReceiptPath,
-    skillsSurface.latestSkillRouteReceiptPath,
-  ].filter(Boolean);
-  const receipt = {
-    schemaVersion: WORK_CONTROL_SCHEMA_VERSION,
-    contract: WORK_CONTROL_CONTRACT,
-    receiptType: "work_control",
-    receiptId: createReceiptId(),
-    createdAt: nowIso(),
-    cwd,
-    task: taskSection,
-    route: routeSection,
-    controls,
-    verification,
-    workControl,
-    evidencePaths: allReceiptPaths,
-    productLearning: {
-      eventsWritten: 0,
-      suggestedEvents: ["work_control_receipt_written"],
-    },
-    redacted: true,
-  };
-  return receipt;
-}
-function writeWorkControlReceipt(cwd, receipt, options = {}) {
-  ensureCcoDirs(cwd);
-  const relPath = LATEST_WC_RECEIPT_REL_PATH;
-  safeWriteJson(cwd, relPath, receipt);
-  const fs = require("fs");
-  const path = require("path");
-  const historyDir = path.join(cwd, WC_HISTORY_DIR_REL_PATH);
-  fs.mkdirSync(historyDir, { recursive: true });
-  const canExport = options.plan && options.plan !== "free";
-  if (canExport) {
-    safeWriteJson(cwd, `${WC_HISTORY_DIR_REL_PATH}/${receipt.receiptId}.json`, receipt);
-  }
-  const eventLine = {
-    receiptId: receipt.receiptId,
-    finalState: receipt.workControl.finalState,
-    blockedCount: receipt.workControl.blockedCount,
-    approvalRequiredCount: receipt.workControl.approvalRequiredCount,
-    highRiskIntakeCount: receipt.workControl.highRiskIntakeCount,
-    receiptPath: relPath,
-    createdAt: receipt.createdAt,
-  };
-  try {
-    const abs = require("path").join(cwd, WC_EVENT_LOG_REL_PATH);
-    fs.mkdirSync(require("path").dirname(abs), { recursive: true });
-    fs.appendFileSync(abs, `${JSON.stringify(eventLine)}\n`, "utf8");
-  } catch {}
-  let eventsWritten = 0;
-  const productEvents = [];
-  productEvents.push({
-    eventName: "work_control_receipt_written",
-    category: "work_control",
-    status: "completed",
-    payload: {
-      finalState: receipt.workControl.finalState,
-      blockedCount: receipt.workControl.blockedCount,
-      approvalRequiredCount: receipt.workControl.approvalRequiredCount,
-      highRiskIntakeCount: receipt.workControl.highRiskIntakeCount,
-      evidencePathsCount: receipt.evidencePaths.length,
-    },
-  });
-  if (receipt.workControl.finalState === "blocked") {
-    productEvents.push({
-      eventName: "work_control_block_preserved",
-      category: "work_control",
-      status: "completed",
-      payload: {
-        receiptId: receipt.receiptId,
-        blockedCount: receipt.workControl.blockedCount,
-      },
-    });
-  }
-  if (receipt.workControl.finalState === "approval_required") {
-    productEvents.push({
-      eventName: "work_control_approval_required",
-      category: "work_control",
-      status: "recommended",
-      payload: {
-        approvalRequiredCount: receipt.workControl.approvalRequiredCount,
-      },
-    });
-  }
-  if (receipt.workControl.nextSafestAction) {
-    productEvents.push({
-      eventName: "work_control_next_action_recommended",
-      category: "work_control",
-      status: "recommended",
-      payload: {
-        finalState: receipt.workControl.finalState,
-      },
-    });
-  }
-  if (receipt.workControl.doNotRepeat?.length) {
-    productEvents.push({
-      eventName: "work_control_do_not_repeat_generated",
-      category: "work_control",
-      status: "completed",
-      payload: {
-        count: receipt.workControl.doNotRepeat.length,
-      },
-    });
-  }
-  productEvents.forEach((event) => {
-    try {
-      appendProductLearningEvent(cwd, event);
-      eventsWritten += 1;
-    } catch {}
-  });
-  receipt.productLearning.eventsWritten = eventsWritten;
-  return relPath;
-}
-function buildWorkControlSurface(cwd) {
-  const latestReceipt = readLatestWorkControlReceipt(cwd);
-  if (!latestReceipt) {
-    return {
-      status: "missing",
-      latestReceiptPath: null,
-      finalState: "missing",
-      nextSafestAction: "Run `avorelo work-control` to generate the first receipt.",
-      blockedCount: 0,
-      approvalRequiredCount: 0,
-      highRiskIntakeCount: 0,
-      unknownSourcesCount: 0,
-      proofAvailable: false,
-      carryForwardAvailable: false,
-      showInStatus: true,
-      showInDashboard: true,
-      statusLine: "Work Control: MISSING · no receipt yet",
-    };
-  }
-  const wc = latestReceipt.workControl || {};
-  const finalState = wc.finalState || "missing";
-  const stateLabel = finalState.toUpperCase().replace(/_/g, " ");
-  return {
-    status: "foundation",
-    latestReceiptPath: LATEST_WC_RECEIPT_REL_PATH,
-    finalState,
-    nextSafestAction: wc.nextSafestAction || null,
-    blockedCount: wc.blockedCount || 0,
-    approvalRequiredCount: wc.approvalRequiredCount || 0,
-    highRiskIntakeCount: wc.highRiskIntakeCount || 0,
-    unknownSourcesCount: wc.unknownSourcesCount || 0,
-    proofAvailable: Boolean(latestReceipt.verification?.proofPath),
-    carryForwardAvailable: Boolean(wc.carryForward?.receiptPaths?.length),
-    showInStatus: true,
-    showInDashboard: true,
-    statusLine: `Work Control: ${stateLabel} · blocked=${wc.blockedCount || 0} · approval=${wc.approvalRequiredCount || 0} · high-risk-intake=${wc.highRiskIntakeCount || 0} · latest receipt ${LATEST_WC_RECEIPT_REL_PATH}`,
-  };
-}
-function formatWorkControlText(surfaceOrReceipt, options = {}) {
-  const isHandoff = options.handoff === true;
-  if (!surfaceOrReceipt) {
-    return "Work Control: MISSING · no receipt yet\nNext: Run `avorelo work-control` to generate the first receipt.\n";
-  }
-  if (surfaceOrReceipt.contract === WORK_CONTROL_CONTRACT) {
-    const receipt = surfaceOrReceipt;
-    const wc = receipt.workControl || {};
-    const stateLabel = (wc.finalState || "missing").toUpperCase().replace(/_/g, " ");
-    const taskText = receipt.task?.text ? String(receipt.task.text).slice(0, 120) : "unknown";
-    const lines = [
-      `Work Control: ${stateLabel}`,
-      `Task: ${taskText}`,
-      `State: ${wc.finalState || "missing"}`,
-    ];
-    if (receipt.controls?.guard?.decision && receipt.controls.guard.decision !== "missing") {
-      lines.push(`Guard: ${receipt.controls.guard.decision} · ${(receipt.controls.guard.reasonCodes || []).join(", ") || "no codes"}`);
-    }
-    if (receipt.controls?.installIntake?.totalItems) {
-      lines.push(`Install Intake: ${receipt.controls.installIntake.totalItems} items · ${receipt.controls.installIntake.unknownItems} unknown · ${receipt.controls.installIntake.highRiskItems} high`);
-    }
-    if (receipt.controls?.safePath?.lastDecision) {
-      lines.push(`Safe Path: ${receipt.controls.safePath.lastDecision}`);
-    }
-    if (wc.nextSafestAction) {
-      lines.push(`Next: ${wc.nextSafestAction}`);
-    }
-    if (receipt.evidencePaths?.length) {
-      lines.push(`Evidence paths: ${receipt.evidencePaths.join(", ")}`);
-    }
-    lines.push(`Receipt: ${LATEST_WC_RECEIPT_REL_PATH}`);
-    if (isHandoff) {
-      lines.push("");
-      lines.push("## Handoff");
-      lines.push(`State: ${wc.finalState || "missing"}`);
-      lines.push("");
-      lines.push("### What was checked");
-      (receipt.evidencePaths || []).forEach((p) => lines.push(`- ${p}`));
-      if (!receipt.evidencePaths?.length) lines.push("- No evidence paths recorded");
-      lines.push("");
-      lines.push("### What was not checked");
-      (receipt.verification?.notChecked || []).forEach((item) => lines.push(`- ${item}`));
-      if (!receipt.verification?.notChecked?.length) lines.push("- Nothing explicitly unchecked");
-      lines.push("");
-      lines.push("### What to do next");
-      lines.push(wc.nextSafestAction || "Continue with smallest local scope.");
-      lines.push("");
-      lines.push("### Do not repeat");
-      (wc.doNotRepeat || []).forEach((item) => lines.push(`- ${item}`));
-      lines.push("");
-      lines.push("### Receipt paths");
-      (wc.carryForward?.receiptPaths || []).forEach((p) => lines.push(`- ${p}`));
-      lines.push(`- work-control: ${LATEST_WC_RECEIPT_REL_PATH}`);
-    }
-    return lines.join("\n") + "\n";
-  }
-  const surface = surfaceOrReceipt;
-  const stateLabel = (surface.finalState || "missing").toUpperCase().replace(/_/g, " ");
-  const lines = [
-    `Work Control: ${stateLabel}`,
-    `Final state: ${surface.finalState || "missing"}`,
-  ];
-  if (surface.nextSafestAction) lines.push(`Next: ${surface.nextSafestAction}`);
-  if (surface.latestReceiptPath) lines.push(`Receipt: ${surface.latestReceiptPath}`);
-  return lines.join("\n") + "\n";
-}
-module.exports = {
-  WORK_CONTROL_CONTRACT,
-  WORK_CONTROL_SCHEMA_VERSION,
-  LATEST_WC_RECEIPT_REL_PATH,
-  WC_EVENT_LOG_REL_PATH,
-  readLatestWorkControlReceipt,
-  buildWorkControlReceipt,
-  writeWorkControlReceipt,
-  buildWorkControlSurface,
-  formatWorkControlText,
-};