npm - avorelo - Versions diffs - 0.1.0 - Mend

avorelo 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (258) hide show

package/LICENSE +21 -0
package/README.md +56 -0
package/bin/avorelo +9 -0
package/package.json +135 -0
package/scripts/README.md +40 -0
package/scripts/cco-dashboard.js +252 -0
package/scripts/cco-status.js +430 -0
package/scripts/lib/activation/account-state.js +37 -0
package/scripts/lib/activation/activation-runner.js +546 -0
package/scripts/lib/activation/activation-self-healing.js +480 -0
package/scripts/lib/activation/activation-state.js +83 -0
package/scripts/lib/activation/activation-summary.js +191 -0
package/scripts/lib/activation/adapters/claude-code.js +77 -0
package/scripts/lib/activation/adapters/codex-cli.js +52 -0
package/scripts/lib/activation/adapters/cursor.js +37 -0
package/scripts/lib/activation/adapters/github-agent.js +39 -0
package/scripts/lib/activation/adapters/terminal.js +42 -0
package/scripts/lib/activation/adapters/vscode.js +39 -0
package/scripts/lib/activation/adapters/windsurf.js +37 -0
package/scripts/lib/activation/ai-surface-detector.js +151 -0
package/scripts/lib/activation/connect-account.js +145 -0
package/scripts/lib/activation/detect-environment.js +75 -0
package/scripts/lib/activation/detect-hosts.js +62 -0
package/scripts/lib/activation/format-activation-output.js +109 -0
package/scripts/lib/activation/next-action.js +43 -0
package/scripts/lib/activation/repair-engine.js +219 -0
package/scripts/lib/activation-distribution-readiness.js +507 -0
package/scripts/lib/adapter-conformance.js +176 -0
package/scripts/lib/adapter-readiness.js +417 -0
package/scripts/lib/adapter-safety-boundaries.js +335 -0
package/scripts/lib/adapter-technical-readiness-gate.js +205 -0
package/scripts/lib/agent-access-governance.js +455 -0
package/scripts/lib/agent-enforcement.js +765 -0
package/scripts/lib/agent-policy-profile.js +210 -0
package/scripts/lib/agent-security/action-evaluator.js +507 -0
package/scripts/lib/agent-security/adapter-registry.js +98 -0
package/scripts/lib/agent-security/auto-policy.js +139 -0
package/scripts/lib/agent-security/bounded-scan.js +93 -0
package/scripts/lib/agent-security/enforcement-adapter.js +174 -0
package/scripts/lib/agent-security/enforcement-engine.js +1129 -0
package/scripts/lib/agent-security/file-write-adapter.js +183 -0
package/scripts/lib/agent-security/file-write-rules.js +178 -0
package/scripts/lib/agent-security/index.js +3342 -0
package/scripts/lib/agent-security/instruction-risk.js +181 -0
package/scripts/lib/agent-security/mcp-action-adapter.js +185 -0
package/scripts/lib/agent-security/mcp-action-rules.js +184 -0
package/scripts/lib/agent-security/package-action-adapter.js +175 -0
package/scripts/lib/agent-security/package-action-rules.js +233 -0
package/scripts/lib/agent-security/performance.js +148 -0
package/scripts/lib/agent-security/permission-minimizer.js +403 -0
package/scripts/lib/agent-security/scan-cache.js +74 -0
package/scripts/lib/agent-security/source-trust.js +146 -0
package/scripts/lib/ai-install-prompt.js +288 -0
package/scripts/lib/ai-workspace-hygiene.js +1499 -0
package/scripts/lib/alpha-activation.js +520 -0
package/scripts/lib/alpha-feedback.js +263 -0
package/scripts/lib/alpha-readiness-gate.js +332 -0
package/scripts/lib/anti-gaming.js +169 -0
package/scripts/lib/artifact-health.js +431 -0
package/scripts/lib/attribution.js +180 -0
package/scripts/lib/audit.js +289 -0
package/scripts/lib/avorelo-skill-registry.js +810 -0
package/scripts/lib/batch-jobs.js +71 -0
package/scripts/lib/brain-pack.js +578 -0
package/scripts/lib/brand-boundary.js +424 -0
package/scripts/lib/brand.js +74 -0
package/scripts/lib/browser-capability.js +1048 -0
package/scripts/lib/browser-proof-preflight.js +321 -0
package/scripts/lib/cache-readiness.js +187 -0
package/scripts/lib/canonical-reentry.js +162 -0
package/scripts/lib/capability-packs.js +314 -0
package/scripts/lib/capability-recommender.js +512 -0
package/scripts/lib/capability-registry.js +1059 -0
package/scripts/lib/carry-forward-surfacing.js +194 -0
package/scripts/lib/ccusage-adapter.js +188 -0
package/scripts/lib/company-loop.js +1149 -0
package/scripts/lib/config.js +637 -0
package/scripts/lib/context-acquisition-plan.js +287 -0
package/scripts/lib/context-budget-guard.js +170 -0
package/scripts/lib/context-budget-scanner.js +257 -0
package/scripts/lib/context-optimizer.js +715 -0
package/scripts/lib/context-reduction-plan.js +178 -0
package/scripts/lib/context-safety.js +88 -0
package/scripts/lib/context-savings-engine.js +158 -0
package/scripts/lib/cost-evidence.js +254 -0
package/scripts/lib/cross-host-install-plan.js +308 -0
package/scripts/lib/cross-host-install-readiness.js +237 -0
package/scripts/lib/cross-host-value-flow.js +268 -0
package/scripts/lib/dashboard.js +900 -0
package/scripts/lib/design-partner-feedback.js +346 -0
package/scripts/lib/entitlements.js +100 -0
package/scripts/lib/execution-packet.js +559 -0
package/scripts/lib/experimentation-events.js +547 -0
package/scripts/lib/external-capability-compliance.js +107 -0
package/scripts/lib/external-user-simulation.js +166 -0
package/scripts/lib/failure-recovery-readiness.js +81 -0
package/scripts/lib/failure-recovery.js +419 -0
package/scripts/lib/feedback-intelligence.js +537 -0
package/scripts/lib/feedback-signals.js +205 -0
package/scripts/lib/file-integrity.js +68 -0
package/scripts/lib/fsx.js +127 -0
package/scripts/lib/full-readiness-gate.js +451 -0
package/scripts/lib/guidance-builder.js +174 -0
package/scripts/lib/hook-apply.js +1019 -0
package/scripts/lib/hook-baseline.js +310 -0
package/scripts/lib/hook-config-preview.js +275 -0
package/scripts/lib/hook-contracts.js +290 -0
package/scripts/lib/hook-safety-boundary-readiness.js +80 -0
package/scripts/lib/host-capability-matrix.js +351 -0
package/scripts/lib/host-support-context.js +254 -0
package/scripts/lib/http-hook-action.js +538 -0
package/scripts/lib/install-ai-readiness.js +84 -0
package/scripts/lib/install-intake-risk.js +1037 -0
package/scripts/lib/install-journey-intelligence.js +329 -0
package/scripts/lib/intervention-guidance.js +57 -0
package/scripts/lib/known-limitations.js +115 -0
package/scripts/lib/l8-path-truth.js +146 -0
package/scripts/lib/launch-hardening-gate.js +436 -0
package/scripts/lib/launch-readiness.js +628 -0
package/scripts/lib/learning-memory.js +686 -0
package/scripts/lib/lifecycle-hooks.js +802 -0
package/scripts/lib/local-package-smoke.js +423 -0
package/scripts/lib/local-pricing.js +299 -0
package/scripts/lib/mcp-enforcement.js +311 -0
package/scripts/lib/mcp-least-privilege-policy.js +303 -0
package/scripts/lib/mcp-tool-inventory.js +388 -0
package/scripts/lib/mcp-tool-risk.js +0 -0
package/scripts/lib/memory.js +335 -0
package/scripts/lib/metrics.js +699 -0
package/scripts/lib/micro-proof.js +133 -0
package/scripts/lib/next-run-context.js +436 -0
package/scripts/lib/operating-value.js +1648 -0
package/scripts/lib/optimization-v3.js +122 -0
package/scripts/lib/orchestration/adapters/_shared.js +49 -0
package/scripts/lib/orchestration/adapters/aider.js +18 -0
package/scripts/lib/orchestration/adapters/claude-code.js +35 -0
package/scripts/lib/orchestration/adapters/codex.js +35 -0
package/scripts/lib/orchestration/adapters/gemini-cli.js +18 -0
package/scripts/lib/orchestration/adapters/git.js +25 -0
package/scripts/lib/orchestration/adapters/index.js +31 -0
package/scripts/lib/orchestration/adapters/lm-studio.js +18 -0
package/scripts/lib/orchestration/adapters/ollama.js +18 -0
package/scripts/lib/orchestration/adapters/opencode.js +18 -0
package/scripts/lib/orchestration/adapters/openrouter.js +18 -0
package/scripts/lib/orchestration/adapters/test-runner.js +25 -0
package/scripts/lib/orchestration/cli.js +438 -0
package/scripts/lib/orchestration/execution-manager.js +279 -0
package/scripts/lib/orchestration/handoff.js +314 -0
package/scripts/lib/orchestration/index.js +456 -0
package/scripts/lib/orchestration/inventory.js +47 -0
package/scripts/lib/orchestration/model-discovery.js +498 -0
package/scripts/lib/orchestration/model-profiler.js +170 -0
package/scripts/lib/orchestration/model-profiles.js +252 -0
package/scripts/lib/orchestration/model-refresh-policy.js +72 -0
package/scripts/lib/orchestration/proof-writer.js +349 -0
package/scripts/lib/orchestration/provider-discovery/aider.js +49 -0
package/scripts/lib/orchestration/provider-discovery/claude-code.js +56 -0
package/scripts/lib/orchestration/provider-discovery/codex.js +49 -0
package/scripts/lib/orchestration/provider-discovery/common.js +186 -0
package/scripts/lib/orchestration/provider-discovery/gemini.js +106 -0
package/scripts/lib/orchestration/provider-discovery/lm-studio.js +118 -0
package/scripts/lib/orchestration/provider-discovery/models-dev.js +12 -0
package/scripts/lib/orchestration/provider-discovery/ollama.js +100 -0
package/scripts/lib/orchestration/provider-discovery/opencode.js +47 -0
package/scripts/lib/orchestration/provider-discovery/openrouter.js +44 -0
package/scripts/lib/orchestration/risk-classifier.js +130 -0
package/scripts/lib/orchestration/routing-policy.js +486 -0
package/scripts/lib/orchestration/settings.js +112 -0
package/scripts/lib/orchestration/state.js +165 -0
package/scripts/lib/orchestration/verification-manager.js +138 -0
package/scripts/lib/output-profiles.js +146 -0
package/scripts/lib/package-content-audit.js +368 -0
package/scripts/lib/package-runtime.js +278 -0
package/scripts/lib/plan-surface.js +53 -0
package/scripts/lib/plans.js +2318 -0
package/scripts/lib/policy-provider.js +27 -0
package/scripts/lib/prelaunch-activation-readiness.js +409 -0
package/scripts/lib/prelaunch-evidence-store.js +816 -0
package/scripts/lib/prelaunch-intelligence.js +869 -0
package/scripts/lib/pricing-experiment.js +118 -0
package/scripts/lib/pro-moment-events.js +77 -0
package/scripts/lib/pro-moment-state.js +227 -0
package/scripts/lib/pro-moments.js +1216 -0
package/scripts/lib/product-learning-events.js +629 -0
package/scripts/lib/project-profile.js +555 -0
package/scripts/lib/prompt-compiler.js +280 -0
package/scripts/lib/prompt-lint.js +32 -0
package/scripts/lib/prompt-suggestions.js +52 -0
package/scripts/lib/proof-canonical.js +398 -0
package/scripts/lib/proof-drilldown.js +383 -0
package/scripts/lib/proof-events.js +342 -0
package/scripts/lib/proof-history.js +243 -0
package/scripts/lib/proof-metrics.js +296 -0
package/scripts/lib/proof-outcome-evidence.js +134 -0
package/scripts/lib/proof-receipt.js +335 -0
package/scripts/lib/proof-record.js +461 -0
package/scripts/lib/public-activation-distribution-gate.js +258 -0
package/scripts/lib/public-cli.js +3891 -0
package/scripts/lib/public-distribution-truth.js +211 -0
package/scripts/lib/public-install-claim-checker.js +294 -0
package/scripts/lib/publish-provenance-readiness.js +283 -0
package/scripts/lib/readiness-delta.js +218 -0
package/scripts/lib/readiness-evidence-closure.js +196 -0
package/scripts/lib/reentry-memory-capture.js +241 -0
package/scripts/lib/reentry-memory-retrieval.js +302 -0
package/scripts/lib/reentry-memory-status.js +146 -0
package/scripts/lib/reentry-memory-store.js +178 -0
package/scripts/lib/reentry-state.js +66 -0
package/scripts/lib/release-candidate-bundle.js +166 -0
package/scripts/lib/remediation.js +81 -0
package/scripts/lib/repo-map.js +391 -0
package/scripts/lib/run-improvements-lifecycle.js +330 -0
package/scripts/lib/run-improvements.js +789 -0
package/scripts/lib/runtime-decision-policy.js +387 -0
package/scripts/lib/safe-path-engine.js +705 -0
package/scripts/lib/safe-run-controller.js +887 -0
package/scripts/lib/score.js +262 -0
package/scripts/lib/seamless-enforcement.js +329 -0
package/scripts/lib/seamless-outcome.js +689 -0
package/scripts/lib/seamless-reality-gate.js +5043 -0
package/scripts/lib/security-risk-classifier.js +511 -0
package/scripts/lib/security-scan.js +384 -0
package/scripts/lib/session-context-optimizer.js +1211 -0
package/scripts/lib/session-timing.js +315 -0
package/scripts/lib/skill-hygiene.js +805 -0
package/scripts/lib/skill-packs.js +161 -0
package/scripts/lib/skills-operating-layer.js +580 -0
package/scripts/lib/smart-work-routing.js +768 -0
package/scripts/lib/source-catalog.js +700 -0
package/scripts/lib/status-value-summary.js +32 -0
package/scripts/lib/support-bundle.js +578 -0
package/scripts/lib/task-continuation.js +440 -0
package/scripts/lib/test-helpers.js +15 -0
package/scripts/lib/tier.js +38 -0
package/scripts/lib/token-context-quality-gate.js +370 -0
package/scripts/lib/token-cost-capture.js +187 -0
package/scripts/lib/token-cost-intelligence.js +358 -0
package/scripts/lib/token-efficiency-evidence.js +213 -0
package/scripts/lib/token-evidence.js +699 -0
package/scripts/lib/tokenish.js +17 -0
package/scripts/lib/tool-output-sandbox.js +304 -0
package/scripts/lib/trust-audit.js +136 -0
package/scripts/lib/unified-events.js +396 -0
package/scripts/lib/upgrade-interruption-recovery.js +407 -0
package/scripts/lib/usage-ledger.js +201 -0
package/scripts/lib/value-ledger.js +130 -0
package/scripts/lib/value-proof-calibration.js +531 -0
package/scripts/lib/visual-qa.js +231 -0
package/scripts/lib/voice-alpha.js +29 -0
package/scripts/lib/work-aware-orchestration.js +976 -0
package/scripts/lib/work-control-receipts.js +577 -0
package/scripts/lib/work-ledger.js +1123 -0
package/scripts/lib/work-panel-preview.js +352 -0
package/scripts/lib/workflow-discipline.js +280 -0
package/scripts/lib/workflow-signals.js +419 -0
package/scripts/lib/workspace-map.js +281 -0
package/scripts/lib/workspace-registry.js +1367 -0
package/scripts/lib/workspace-resolver.js +480 -0

package/scripts/lib/run-improvements-lifecycle.js ADDED Viewed

@@ -0,0 +1,330 @@
+"use strict";
+// Run Improvements Lifecycle — manages the consumption and application receipt
+// for next-run defaults prepared by run-improvements.js.
+// Receipt schema: avorelo.runImprovementsReceipt.v1
+//
+// Lifecycle states:
+//   prepared          Improvements generated, ready
+//   consumed          A supported surface explicitly read the prepared defaults
+//   applied           Defaults made available to a next run; receipt exists
+//   expired           TTL exceeded on source artifact
+//   stale             Source fingerprint no longer matches current artifact
+//   insufficient_evidence  Not enough evidence to generate reliable defaults
+//   skipped           Explicitly skipped
+//   error             Unexpected error
+const fs = require("fs");
+const path = require("path");
+const RECEIPT_REL = ".claude/cco/state/run-improvements-receipt.json";
+const SCHEMA_VERSION = "avorelo.runImprovementsReceipt.v1";
+const LIFECYCLE_STATES = [
+  "prepared",
+  "consumed",
+  "applied",
+  "expired",
+  "stale",
+  "insufficient_evidence",
+  "skipped",
+  "error",
+];
+function nowIso() {
+  return new Date().toISOString();
+}
+function loadLifecycleReceipt(cwd) {
+  try {
+    const absPath = path.join(cwd, RECEIPT_REL);
+    const raw = JSON.parse(fs.readFileSync(absPath, "utf8"));
+    if (raw.schemaVersion !== SCHEMA_VERSION) return null;
+    return raw;
+  } catch {
+    return null;
+  }
+}
+function writeLifecycleReceipt(cwd, receipt) {
+  const absPath = path.join(cwd, RECEIPT_REL);
+  fs.mkdirSync(path.dirname(absPath), { recursive: true });
+  fs.writeFileSync(absPath, JSON.stringify(receipt, null, 2), "utf8");
+  return receipt;
+}
+function buildLifecycleReceipt(artifact, options = {}) {
+  const now = nowIso();
+  return {
+    schemaVersion: SCHEMA_VERSION,
+    generatedAt: now,
+    sourceRunFingerprint: artifact.sourceRunFingerprint,
+    runImprovementsArtifactId: artifact.sourceRunFingerprint,
+    lifecycleState: options.lifecycleState || "prepared",
+    surface: options.surface || null,
+    consumedAt: options.consumedAt || null,
+    appliedAt: options.appliedAt || null,
+    reasonCodes: options.reasonCodes || artifact.reasonCodes || [],
+    redactionStatus: "redacted",
+    limitations: options.limitations || artifact.limitations || [],
+  };
+}
+// Check if existing receipt is stale (source fingerprint no longer matches current artifact).
+function checkLifecycleStale(cwd) {
+  const receipt = loadLifecycleReceipt(cwd);
+  if (!receipt) return { stale: false, reason: "no_receipt" };
+  try {
+    const { loadRunImprovements } = require("./run-improvements");
+    const artifact = loadRunImprovements(cwd);
+    if (!artifact) return { stale: false, reason: "no_artifact" };
+    if (receipt.sourceRunFingerprint !== artifact.sourceRunFingerprint) {
+      return { stale: true, reason: "fingerprint_mismatch" };
+    }
+    return { stale: false, reason: "ok" };
+  } catch {
+    return { stale: false, reason: "check_error" };
+  }
+}
+// Mark as consumed — a supported surface explicitly read the prepared defaults.
+// Idempotent: same fingerprint already consumed or applied → return existing receipt.
+function consumeRunImprovements(cwd, surface) {
+  try {
+    const { loadRunImprovements } = require("./run-improvements");
+    const artifact = loadRunImprovements(cwd);
+    if (!artifact || artifact.status === "not_available" || artifact.status === "expired") {
+      return null;
+    }
+    const existing = loadLifecycleReceipt(cwd);
+    if (
+      existing &&
+      existing.sourceRunFingerprint === artifact.sourceRunFingerprint &&
+      (existing.lifecycleState === "consumed" || existing.lifecycleState === "applied")
+    ) {
+      return existing;
+    }
+    const now = nowIso();
+    const receipt = buildLifecycleReceipt(artifact, {
+      lifecycleState: "consumed",
+      surface: surface || "cli",
+      consumedAt: now,
+      appliedAt: null,
+    });
+    writeLifecycleReceipt(cwd, receipt);
+    _emitLifecycleAuditEvent(cwd, artifact, receipt, "run_improvements.consumed");
+    return receipt;
+  } catch {
+    return null;
+  }
+}
+// Mark as applied — defaults were made available to a next AI coding run
+// through a supported surface and an application receipt exists.
+// This is the only honest way to set applied=true on the main artifact.
+function applyRunImprovements(cwd, surface) {
+  try {
+    const { loadRunImprovements, RUN_IMPROVEMENTS_REL, SCHEMA_VERSION: RI_SCHEMA } = require("./run-improvements");
+    const artifact = loadRunImprovements(cwd);
+    if (!artifact || artifact.status === "not_available" || artifact.status === "expired") {
+      return { success: false, reason: "no_valid_artifact" };
+    }
+    const existing = loadLifecycleReceipt(cwd);
+    if (
+      existing &&
+      existing.sourceRunFingerprint === artifact.sourceRunFingerprint &&
+      existing.lifecycleState === "applied"
+    ) {
+      return { success: true, receipt: existing, reason: "already_applied" };
+    }
+    const now = nowIso();
+    const receipt = buildLifecycleReceipt(artifact, {
+      lifecycleState: "applied",
+      surface: surface || "cli",
+      consumedAt: existing?.consumedAt || now,
+      appliedAt: now,
+    });
+    writeLifecycleReceipt(cwd, receipt);
+    _emitLifecycleAuditEvent(cwd, artifact, receipt, "run_improvements.applied");
+    // Update the main artifact to reflect applied state (only when fingerprint matches)
+    try {
+      const absPath = path.join(cwd, RUN_IMPROVEMENTS_REL);
+      if (fs.existsSync(absPath)) {
+        const stored = JSON.parse(fs.readFileSync(absPath, "utf8"));
+        if (
+          stored.schemaVersion === RI_SCHEMA &&
+          stored.sourceRunFingerprint === artifact.sourceRunFingerprint
+        ) {
+          stored.status = "applied";
+          stored.applied = true;
+          stored.appliedAt = now;
+          fs.writeFileSync(absPath, JSON.stringify(stored, null, 2), "utf8");
+        }
+      }
+    } catch {}
+    return { success: true, receipt, reason: "applied" };
+  } catch (err) {
+    return { success: false, reason: "error", error: String(err.message) };
+  }
+}
+function _emitLifecycleAuditEvent(cwd, artifact, receipt, eventName) {
+  try {
+    const eventsPath = path.join(cwd, ".claude/cco/events/outcome-events.jsonl");
+    fs.mkdirSync(path.dirname(eventsPath), { recursive: true });
+    const safeEventName = eventName.replace(/\./g, "_");
+    const event = JSON.stringify({
+      event_id: `run_lc_${safeEventName}_${artifact.sourceRunFingerprint}`,
+      session_id: "avorelo-run-improvements",
+      timestamp: nowIso(),
+      category: "run_improvements",
+      event_name: safeEventName,
+      reason_code: "RUN_IMPROVEMENTS_LIFECYCLE",
+      confidence_score: 1.0,
+      platform: "avorelo",
+      metadata: {
+        schemaVersion: SCHEMA_VERSION,
+        lifecycleState: receipt.lifecycleState,
+        surface: receipt.surface,
+        sourceRunFingerprint: artifact.sourceRunFingerprint,
+        improvementCount: (artifact.topImprovements || []).length,
+        topCategories: [
+          ...new Set((artifact.topImprovements || []).map((i) => i.category)),
+        ].slice(0, 3),
+        redacted: true,
+      },
+    });
+    fs.appendFileSync(eventsPath, event + "\n", "utf8");
+  } catch {}
+}
+// Inject next-run context: generates the bounded next-run-context artifact,
+// marks consumed (defaults read) and applied (artifact written + receipt exists).
+// This is the real application path — `applied` requires this function to succeed.
+// Surface: "next_run_context" — never "cli" or generic display.
+function injectNextRunContext(cwd, options = {}) {
+  try {
+    const { loadRunImprovements, RUN_IMPROVEMENTS_REL, SCHEMA_VERSION: RI_SCHEMA } = require("./run-improvements");
+    const artifact = loadRunImprovements(cwd);
+    if (!artifact || artifact.status === "not_available" || artifact.status === "expired") {
+      return { success: false, reason: "no_valid_artifact", nextRunContextArtifact: null, receipt: null };
+    }
+    // Idempotency: same fingerprint already applied through next_run_context → return existing
+    const existing = loadLifecycleReceipt(cwd);
+    if (
+      existing &&
+      existing.sourceRunFingerprint === artifact.sourceRunFingerprint &&
+      existing.lifecycleState === "applied" &&
+      existing.surface === "next_run_context"
+    ) {
+      const { loadNextRunContext } = require("./next-run-context");
+      return {
+        success: true,
+        receipt: existing,
+        nextRunContextArtifact: loadNextRunContext(cwd),
+        reason: "already_applied",
+      };
+    }
+    // Step 1: generate the next-run context artifact (this "consumes" the defaults)
+    const { generateNextRunContextArtifact, emitNextRunContextEvent } = require("./next-run-context");
+    const { artifact: nrcArtifact, written } = generateNextRunContextArtifact(cwd, { force: options.force || false });
+    if (!nrcArtifact || nrcArtifact.status === "not_available" || nrcArtifact.status === "error") {
+      return {
+        success: false,
+        reason: "next_run_context_generation_failed",
+        nextRunContextArtifact: nrcArtifact,
+        receipt: null,
+      };
+    }
+    const now = nowIso();
+    // Step 2: consumed receipt — defaults were read and embedded into context artifact
+    const consumedReceipt = buildLifecycleReceipt(artifact, {
+      lifecycleState: "consumed",
+      surface: "next_run_context",
+      consumedAt: now,
+      appliedAt: null,
+    });
+    writeLifecycleReceipt(cwd, consumedReceipt);
+    _emitLifecycleAuditEvent(cwd, artifact, consumedReceipt, "run_improvements.consumed");
+    // Step 3: applied receipt — next-run-context artifact written and points to defaults
+    const appliedReceipt = buildLifecycleReceipt(artifact, {
+      lifecycleState: "applied",
+      surface: "next_run_context",
+      consumedAt: now,
+      appliedAt: now,
+      limitations: [
+        "Applied via next-run-context artifact injection.",
+        "Injected status requires session-start hook to read the artifact.",
+        ...(nrcArtifact.limitations || []).slice(0, 2),
+      ],
+    });
+    writeLifecycleReceipt(cwd, appliedReceipt);
+    _emitLifecycleAuditEvent(cwd, artifact, appliedReceipt, "run_improvements.applied");
+    // Step 4: update main run-improvements artifact to reflect applied state
+    try {
+      const absPath = path.join(cwd, RUN_IMPROVEMENTS_REL);
+      if (fs.existsSync(absPath)) {
+        const stored = JSON.parse(fs.readFileSync(absPath, "utf8"));
+        if (
+          stored.schemaVersion === RI_SCHEMA &&
+          stored.sourceRunFingerprint === artifact.sourceRunFingerprint
+        ) {
+          stored.status = "applied";
+          stored.applied = true;
+          stored.appliedAt = now;
+          fs.writeFileSync(absPath, JSON.stringify(stored, null, 2), "utf8");
+        }
+      }
+    } catch {}
+    // Step 5: mark next-run-context artifact as applied (now has lifecycle backing)
+    try {
+      const { updateNextRunContextStatus } = require("./next-run-context");
+      updateNextRunContextStatus(cwd, "applied");
+      emitNextRunContextEvent(cwd, { ...nrcArtifact, status: "applied" }, "next_run_context.applied");
+    } catch {}
+    return {
+      success: true,
+      receipt: appliedReceipt,
+      nextRunContextArtifact: { ...nrcArtifact, status: "applied" },
+      reason: written ? "injected" : "idempotent_existing",
+      defaultsCount: (nrcArtifact.appliedDefaults || []).length,
+      decisionsCount: nrcArtifact.activeDecisionCount || 0,
+      risksCount: nrcArtifact.activeRiskCount || 0,
+      surface: "next_run_context",
+      artifactPath: ".claude/cco/state/next-run-context.json",
+    };
+  } catch (err) {
+    return { success: false, reason: "error", error: String(err.message), nextRunContextArtifact: null, receipt: null };
+  }
+}
+module.exports = {
+  SCHEMA_VERSION,
+  LIFECYCLE_STATES,
+  RECEIPT_REL,
+  loadLifecycleReceipt,
+  writeLifecycleReceipt,
+  buildLifecycleReceipt,
+  consumeRunImprovements,
+  applyRunImprovements,
+  injectNextRunContext,
+  checkLifecycleStale,
+};