npm - avorelo - Versions diffs - 0.1.0 - Mend

avorelo 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (258) hide show

package/LICENSE +21 -0
package/README.md +56 -0
package/bin/avorelo +9 -0
package/package.json +135 -0
package/scripts/README.md +40 -0
package/scripts/cco-dashboard.js +252 -0
package/scripts/cco-status.js +430 -0
package/scripts/lib/activation/account-state.js +37 -0
package/scripts/lib/activation/activation-runner.js +546 -0
package/scripts/lib/activation/activation-self-healing.js +480 -0
package/scripts/lib/activation/activation-state.js +83 -0
package/scripts/lib/activation/activation-summary.js +191 -0
package/scripts/lib/activation/adapters/claude-code.js +77 -0
package/scripts/lib/activation/adapters/codex-cli.js +52 -0
package/scripts/lib/activation/adapters/cursor.js +37 -0
package/scripts/lib/activation/adapters/github-agent.js +39 -0
package/scripts/lib/activation/adapters/terminal.js +42 -0
package/scripts/lib/activation/adapters/vscode.js +39 -0
package/scripts/lib/activation/adapters/windsurf.js +37 -0
package/scripts/lib/activation/ai-surface-detector.js +151 -0
package/scripts/lib/activation/connect-account.js +145 -0
package/scripts/lib/activation/detect-environment.js +75 -0
package/scripts/lib/activation/detect-hosts.js +62 -0
package/scripts/lib/activation/format-activation-output.js +109 -0
package/scripts/lib/activation/next-action.js +43 -0
package/scripts/lib/activation/repair-engine.js +219 -0
package/scripts/lib/activation-distribution-readiness.js +507 -0
package/scripts/lib/adapter-conformance.js +176 -0
package/scripts/lib/adapter-readiness.js +417 -0
package/scripts/lib/adapter-safety-boundaries.js +335 -0
package/scripts/lib/adapter-technical-readiness-gate.js +205 -0
package/scripts/lib/agent-access-governance.js +455 -0
package/scripts/lib/agent-enforcement.js +765 -0
package/scripts/lib/agent-policy-profile.js +210 -0
package/scripts/lib/agent-security/action-evaluator.js +507 -0
package/scripts/lib/agent-security/adapter-registry.js +98 -0
package/scripts/lib/agent-security/auto-policy.js +139 -0
package/scripts/lib/agent-security/bounded-scan.js +93 -0
package/scripts/lib/agent-security/enforcement-adapter.js +174 -0
package/scripts/lib/agent-security/enforcement-engine.js +1129 -0
package/scripts/lib/agent-security/file-write-adapter.js +183 -0
package/scripts/lib/agent-security/file-write-rules.js +178 -0
package/scripts/lib/agent-security/index.js +3342 -0
package/scripts/lib/agent-security/instruction-risk.js +181 -0
package/scripts/lib/agent-security/mcp-action-adapter.js +185 -0
package/scripts/lib/agent-security/mcp-action-rules.js +184 -0
package/scripts/lib/agent-security/package-action-adapter.js +175 -0
package/scripts/lib/agent-security/package-action-rules.js +233 -0
package/scripts/lib/agent-security/performance.js +148 -0
package/scripts/lib/agent-security/permission-minimizer.js +403 -0
package/scripts/lib/agent-security/scan-cache.js +74 -0
package/scripts/lib/agent-security/source-trust.js +146 -0
package/scripts/lib/ai-install-prompt.js +288 -0
package/scripts/lib/ai-workspace-hygiene.js +1499 -0
package/scripts/lib/alpha-activation.js +520 -0
package/scripts/lib/alpha-feedback.js +263 -0
package/scripts/lib/alpha-readiness-gate.js +332 -0
package/scripts/lib/anti-gaming.js +169 -0
package/scripts/lib/artifact-health.js +431 -0
package/scripts/lib/attribution.js +180 -0
package/scripts/lib/audit.js +289 -0
package/scripts/lib/avorelo-skill-registry.js +810 -0
package/scripts/lib/batch-jobs.js +71 -0
package/scripts/lib/brain-pack.js +578 -0
package/scripts/lib/brand-boundary.js +424 -0
package/scripts/lib/brand.js +74 -0
package/scripts/lib/browser-capability.js +1048 -0
package/scripts/lib/browser-proof-preflight.js +321 -0
package/scripts/lib/cache-readiness.js +187 -0
package/scripts/lib/canonical-reentry.js +162 -0
package/scripts/lib/capability-packs.js +314 -0
package/scripts/lib/capability-recommender.js +512 -0
package/scripts/lib/capability-registry.js +1059 -0
package/scripts/lib/carry-forward-surfacing.js +194 -0
package/scripts/lib/ccusage-adapter.js +188 -0
package/scripts/lib/company-loop.js +1149 -0
package/scripts/lib/config.js +637 -0
package/scripts/lib/context-acquisition-plan.js +287 -0
package/scripts/lib/context-budget-guard.js +170 -0
package/scripts/lib/context-budget-scanner.js +257 -0
package/scripts/lib/context-optimizer.js +715 -0
package/scripts/lib/context-reduction-plan.js +178 -0
package/scripts/lib/context-safety.js +88 -0
package/scripts/lib/context-savings-engine.js +158 -0
package/scripts/lib/cost-evidence.js +254 -0
package/scripts/lib/cross-host-install-plan.js +308 -0
package/scripts/lib/cross-host-install-readiness.js +237 -0
package/scripts/lib/cross-host-value-flow.js +268 -0
package/scripts/lib/dashboard.js +900 -0
package/scripts/lib/design-partner-feedback.js +346 -0
package/scripts/lib/entitlements.js +100 -0
package/scripts/lib/execution-packet.js +559 -0
package/scripts/lib/experimentation-events.js +547 -0
package/scripts/lib/external-capability-compliance.js +107 -0
package/scripts/lib/external-user-simulation.js +166 -0
package/scripts/lib/failure-recovery-readiness.js +81 -0
package/scripts/lib/failure-recovery.js +419 -0
package/scripts/lib/feedback-intelligence.js +537 -0
package/scripts/lib/feedback-signals.js +205 -0
package/scripts/lib/file-integrity.js +68 -0
package/scripts/lib/fsx.js +127 -0
package/scripts/lib/full-readiness-gate.js +451 -0
package/scripts/lib/guidance-builder.js +174 -0
package/scripts/lib/hook-apply.js +1019 -0
package/scripts/lib/hook-baseline.js +310 -0
package/scripts/lib/hook-config-preview.js +275 -0
package/scripts/lib/hook-contracts.js +290 -0
package/scripts/lib/hook-safety-boundary-readiness.js +80 -0
package/scripts/lib/host-capability-matrix.js +351 -0
package/scripts/lib/host-support-context.js +254 -0
package/scripts/lib/http-hook-action.js +538 -0
package/scripts/lib/install-ai-readiness.js +84 -0
package/scripts/lib/install-intake-risk.js +1037 -0
package/scripts/lib/install-journey-intelligence.js +329 -0
package/scripts/lib/intervention-guidance.js +57 -0
package/scripts/lib/known-limitations.js +115 -0
package/scripts/lib/l8-path-truth.js +146 -0
package/scripts/lib/launch-hardening-gate.js +436 -0
package/scripts/lib/launch-readiness.js +628 -0
package/scripts/lib/learning-memory.js +686 -0
package/scripts/lib/lifecycle-hooks.js +802 -0
package/scripts/lib/local-package-smoke.js +423 -0
package/scripts/lib/local-pricing.js +299 -0
package/scripts/lib/mcp-enforcement.js +311 -0
package/scripts/lib/mcp-least-privilege-policy.js +303 -0
package/scripts/lib/mcp-tool-inventory.js +388 -0
package/scripts/lib/mcp-tool-risk.js +0 -0
package/scripts/lib/memory.js +335 -0
package/scripts/lib/metrics.js +699 -0
package/scripts/lib/micro-proof.js +133 -0
package/scripts/lib/next-run-context.js +436 -0
package/scripts/lib/operating-value.js +1648 -0
package/scripts/lib/optimization-v3.js +122 -0
package/scripts/lib/orchestration/adapters/_shared.js +49 -0
package/scripts/lib/orchestration/adapters/aider.js +18 -0
package/scripts/lib/orchestration/adapters/claude-code.js +35 -0
package/scripts/lib/orchestration/adapters/codex.js +35 -0
package/scripts/lib/orchestration/adapters/gemini-cli.js +18 -0
package/scripts/lib/orchestration/adapters/git.js +25 -0
package/scripts/lib/orchestration/adapters/index.js +31 -0
package/scripts/lib/orchestration/adapters/lm-studio.js +18 -0
package/scripts/lib/orchestration/adapters/ollama.js +18 -0
package/scripts/lib/orchestration/adapters/opencode.js +18 -0
package/scripts/lib/orchestration/adapters/openrouter.js +18 -0
package/scripts/lib/orchestration/adapters/test-runner.js +25 -0
package/scripts/lib/orchestration/cli.js +438 -0
package/scripts/lib/orchestration/execution-manager.js +279 -0
package/scripts/lib/orchestration/handoff.js +314 -0
package/scripts/lib/orchestration/index.js +456 -0
package/scripts/lib/orchestration/inventory.js +47 -0
package/scripts/lib/orchestration/model-discovery.js +498 -0
package/scripts/lib/orchestration/model-profiler.js +170 -0
package/scripts/lib/orchestration/model-profiles.js +252 -0
package/scripts/lib/orchestration/model-refresh-policy.js +72 -0
package/scripts/lib/orchestration/proof-writer.js +349 -0
package/scripts/lib/orchestration/provider-discovery/aider.js +49 -0
package/scripts/lib/orchestration/provider-discovery/claude-code.js +56 -0
package/scripts/lib/orchestration/provider-discovery/codex.js +49 -0
package/scripts/lib/orchestration/provider-discovery/common.js +186 -0
package/scripts/lib/orchestration/provider-discovery/gemini.js +106 -0
package/scripts/lib/orchestration/provider-discovery/lm-studio.js +118 -0
package/scripts/lib/orchestration/provider-discovery/models-dev.js +12 -0
package/scripts/lib/orchestration/provider-discovery/ollama.js +100 -0
package/scripts/lib/orchestration/provider-discovery/opencode.js +47 -0
package/scripts/lib/orchestration/provider-discovery/openrouter.js +44 -0
package/scripts/lib/orchestration/risk-classifier.js +130 -0
package/scripts/lib/orchestration/routing-policy.js +486 -0
package/scripts/lib/orchestration/settings.js +112 -0
package/scripts/lib/orchestration/state.js +165 -0
package/scripts/lib/orchestration/verification-manager.js +138 -0
package/scripts/lib/output-profiles.js +146 -0
package/scripts/lib/package-content-audit.js +368 -0
package/scripts/lib/package-runtime.js +278 -0
package/scripts/lib/plan-surface.js +53 -0
package/scripts/lib/plans.js +2318 -0
package/scripts/lib/policy-provider.js +27 -0
package/scripts/lib/prelaunch-activation-readiness.js +409 -0
package/scripts/lib/prelaunch-evidence-store.js +816 -0
package/scripts/lib/prelaunch-intelligence.js +869 -0
package/scripts/lib/pricing-experiment.js +118 -0
package/scripts/lib/pro-moment-events.js +77 -0
package/scripts/lib/pro-moment-state.js +227 -0
package/scripts/lib/pro-moments.js +1216 -0
package/scripts/lib/product-learning-events.js +629 -0
package/scripts/lib/project-profile.js +555 -0
package/scripts/lib/prompt-compiler.js +280 -0
package/scripts/lib/prompt-lint.js +32 -0
package/scripts/lib/prompt-suggestions.js +52 -0
package/scripts/lib/proof-canonical.js +398 -0
package/scripts/lib/proof-drilldown.js +383 -0
package/scripts/lib/proof-events.js +342 -0
package/scripts/lib/proof-history.js +243 -0
package/scripts/lib/proof-metrics.js +296 -0
package/scripts/lib/proof-outcome-evidence.js +134 -0
package/scripts/lib/proof-receipt.js +335 -0
package/scripts/lib/proof-record.js +461 -0
package/scripts/lib/public-activation-distribution-gate.js +258 -0
package/scripts/lib/public-cli.js +3891 -0
package/scripts/lib/public-distribution-truth.js +211 -0
package/scripts/lib/public-install-claim-checker.js +294 -0
package/scripts/lib/publish-provenance-readiness.js +283 -0
package/scripts/lib/readiness-delta.js +218 -0
package/scripts/lib/readiness-evidence-closure.js +196 -0
package/scripts/lib/reentry-memory-capture.js +241 -0
package/scripts/lib/reentry-memory-retrieval.js +302 -0
package/scripts/lib/reentry-memory-status.js +146 -0
package/scripts/lib/reentry-memory-store.js +178 -0
package/scripts/lib/reentry-state.js +66 -0
package/scripts/lib/release-candidate-bundle.js +166 -0
package/scripts/lib/remediation.js +81 -0
package/scripts/lib/repo-map.js +391 -0
package/scripts/lib/run-improvements-lifecycle.js +330 -0
package/scripts/lib/run-improvements.js +789 -0
package/scripts/lib/runtime-decision-policy.js +387 -0
package/scripts/lib/safe-path-engine.js +705 -0
package/scripts/lib/safe-run-controller.js +887 -0
package/scripts/lib/score.js +262 -0
package/scripts/lib/seamless-enforcement.js +329 -0
package/scripts/lib/seamless-outcome.js +689 -0
package/scripts/lib/seamless-reality-gate.js +5043 -0
package/scripts/lib/security-risk-classifier.js +511 -0
package/scripts/lib/security-scan.js +384 -0
package/scripts/lib/session-context-optimizer.js +1211 -0
package/scripts/lib/session-timing.js +315 -0
package/scripts/lib/skill-hygiene.js +805 -0
package/scripts/lib/skill-packs.js +161 -0
package/scripts/lib/skills-operating-layer.js +580 -0
package/scripts/lib/smart-work-routing.js +768 -0
package/scripts/lib/source-catalog.js +700 -0
package/scripts/lib/status-value-summary.js +32 -0
package/scripts/lib/support-bundle.js +578 -0
package/scripts/lib/task-continuation.js +440 -0
package/scripts/lib/test-helpers.js +15 -0
package/scripts/lib/tier.js +38 -0
package/scripts/lib/token-context-quality-gate.js +370 -0
package/scripts/lib/token-cost-capture.js +187 -0
package/scripts/lib/token-cost-intelligence.js +358 -0
package/scripts/lib/token-efficiency-evidence.js +213 -0
package/scripts/lib/token-evidence.js +699 -0
package/scripts/lib/tokenish.js +17 -0
package/scripts/lib/tool-output-sandbox.js +304 -0
package/scripts/lib/trust-audit.js +136 -0
package/scripts/lib/unified-events.js +396 -0
package/scripts/lib/upgrade-interruption-recovery.js +407 -0
package/scripts/lib/usage-ledger.js +201 -0
package/scripts/lib/value-ledger.js +130 -0
package/scripts/lib/value-proof-calibration.js +531 -0
package/scripts/lib/visual-qa.js +231 -0
package/scripts/lib/voice-alpha.js +29 -0
package/scripts/lib/work-aware-orchestration.js +976 -0
package/scripts/lib/work-control-receipts.js +577 -0
package/scripts/lib/work-ledger.js +1123 -0
package/scripts/lib/work-panel-preview.js +352 -0
package/scripts/lib/workflow-discipline.js +280 -0
package/scripts/lib/workflow-signals.js +419 -0
package/scripts/lib/workspace-map.js +281 -0
package/scripts/lib/workspace-registry.js +1367 -0
package/scripts/lib/workspace-resolver.js +480 -0

package/scripts/lib/skill-hygiene.js ADDED Viewed

@@ -0,0 +1,805 @@
+"use strict";
+const fs = require("fs");
+const path = require("path");
+const { parseSkillFile } = require("./avorelo-skill-registry");
+const HYGIENE_CONTRACT = "avorelo.skillHygiene.v1";
+const HYGIENE_SCHEMA_VERSION = 1;
+const MAX_ACCEPTED_CONTRIBUTIONS = 3;
+const MAX_CONTRIBUTION_TOKENS = 30;
+const DESCRIPTION_OVERLAP_THRESHOLD = 0.45;
+const ALLOWED_CONTRIBUTION_TYPES = new Set([
+  "verification_check",
+  "edge_case",
+  "required_output_field",
+  "security_caveat",
+  "compact_example",
+]);
+const BLOCKED_CONTRIBUTION_TYPES = new Set([
+  "duplicate_workflow",
+  "new_main_workflow_authority",
+  "new_risky_tool_mcp_authority",
+  "policy_conflicting_instruction",
+  "broad_execution_instruction",
+  "long_context_dump",
+  "workflow_step",
+]);
+const RISKY_CONTRIBUTION_REASON_CODES = new Set([
+  "conflicting_invocation_policy",
+  "conflicting_tool_policy",
+  "conflicting_verification_policy",
+  "conflicting_context_policy",
+  "conflicting_source_priority",
+  "policy_bypass_phrase",
+  "unsafe_auto_execution_phrase",
+  "mcp_server_reference",
+  "browser_control_reference",
+  "broad_file_write_language",
+  "secret_access_language",
+  "shell_execution_language",
+  "network_or_remote_fetch",
+]);
+const GENERIC_CAPABILITY_IDS = new Set([
+  "capability_binding_basic",
+  "skill_md_parser_basic",
+  "skill_pattern_extraction_basic",
+  "skill_trust_scan_basic",
+  "source_backed_skill_router_basic",
+  "reference_source_intake_basic",
+  "thin_adapter_guidance_sync_basic",
+]);
+function tokenize(text) {
+  return String(text || "")
+    .toLowerCase()
+    .replace(/[^a-z0-9/_-]+/g, " ")
+    .split(/\s+/)
+    .map((t) => t.trim())
+    .filter((t) => t.length >= 3);
+}
+function jaccardSimilarity(setA, setB) {
+  if (setA.size === 0 && setB.size === 0) return 0;
+  const intersection = new Set([...setA].filter((x) => setB.has(x)));
+  const union = new Set([...setA, ...setB]);
+  return intersection.size / union.size;
+}
+function descriptionOverlap(a, b) {
+  const tokA = new Set(tokenize(a));
+  const tokB = new Set(tokenize(b));
+  return jaccardSimilarity(tokA, tokB);
+}
+function hasCapabilityOverlap(a, b) {
+  const capsA = new Set((a.capabilityBindingSuggestions || []).filter((c) => !GENERIC_CAPABILITY_IDS.has(c)));
+  const capsB = new Set((b.capabilityBindingSuggestions || []).filter((c) => !GENERIC_CAPABILITY_IDS.has(c)));
+  const intersection = [...capsA].filter((x) => capsB.has(x));
+  return intersection.length > 0 ? intersection : null;
+}
+function hasTaskSignalOverlap(a, b) {
+  const sigA = new Set(tokenize((a.whenToUse || "") + " " + (a.description || "")));
+  const sigB = new Set(tokenize((b.whenToUse || "") + " " + (b.description || "")));
+  return jaccardSimilarity(sigA, sigB);
+}
+function detectDuplicateReasonCodes(skillA, skillB) {
+  const codes = [];
+  if (skillA.name && skillB.name && skillA.name === skillB.name) {
+    codes.push("duplicate_name");
+  }
+  const overlap = descriptionOverlap(skillA.description, skillB.description);
+  if (overlap >= DESCRIPTION_OVERLAP_THRESHOLD) {
+    codes.push("high_description_overlap");
+  }
+  const capOverlap = hasCapabilityOverlap(skillA, skillB);
+  if (capOverlap && capOverlap.length >= 1) {
+    codes.push("same_capability_binding");
+  }
+  const taskSig = hasTaskSignalOverlap(skillA, skillB);
+  if (taskSig >= 0.4) {
+    codes.push("same_task_signal");
+  }
+  const refsA = new Set(skillA.references || []);
+  const refsB = new Set(skillB.references || []);
+  const refOverlap = [...refsA].filter((r) => refsB.has(r));
+  if (refOverlap.length >= 2) {
+    codes.push("same_supporting_reference");
+  }
+  const reqA = tokenize(skillA.requiredOutput || skillA.requiredChecks || "");
+  const reqB = tokenize(skillB.requiredOutput || skillB.requiredChecks || "");
+  const reqOverlap = jaccardSimilarity(new Set(reqA), new Set(reqB));
+  if (reqOverlap >= 0.5 && reqA.length > 2 && reqB.length > 2) {
+    codes.push("same_required_output");
+  }
+  return codes;
+}
+function detectConflictReasonCodes(skillA, skillB) {
+  const codes = [];
+  const rawA = [skillA.workflow, skillA.antiPatterns, skillA.stopConditions, skillA.whenToUse, skillA.requiredChecks].join(" ");
+  const rawB = [skillB.workflow, skillB.antiPatterns, skillB.stopConditions, skillB.whenToUse, skillB.requiredChecks].join(" ");
+  const bypassPattern = /\b(ignore|bypass|disable|remove)\s+(?:the\s+)?(?:policy|guardrails|audit|proof|verification|review)\b/i;
+  if (bypassPattern.test(rawA) || bypassPattern.test(rawB)) {
+    codes.push("policy_bypass_phrase");
+  }
+  const autoExecPattern = /\b(auto-?run|execute automatically|run immediately|always execute)\b/i;
+  if (autoExecPattern.test(rawA) || autoExecPattern.test(rawB)) {
+    codes.push("unsafe_auto_execution_phrase");
+  }
+  const hasNeverA = /\bnever\s+(run|execute|call|invoke)\b/i.test(rawA);
+  const hasAlwaysB = /\balways\s+(run|execute|call|invoke)\b/i.test(rawB);
+  const hasNeverB = /\bnever\s+(run|execute|call|invoke)\b/i.test(rawB);
+  const hasAlwaysA = /\balways\s+(run|execute|call|invoke)\b/i.test(rawA);
+  if ((hasNeverA && hasAlwaysB) || (hasNeverB && hasAlwaysA)) {
+    codes.push("conflicting_invocation_policy");
+  }
+  return codes;
+}
+function detectContextHeavyReasonCodes(skill) {
+  const codes = [];
+  if (skill.contextWeight?.label === "high") {
+    codes.push("context_heavy_skill");
+  }
+  if ((skill.examples || "").length > 2000) {
+    codes.push("long_inline_examples");
+  }
+  if (skill.contextWeight?.lazyLoadRecommended) {
+    codes.push("lazy_load_recommended");
+  }
+  return codes;
+}
+function detectSecurityHygieneReasonCodes(skill) {
+  const codes = [];
+  const warningCodes = new Set((skill.warnings || []).map((w) => w.code));
+  if (warningCodes.has("hidden_unicode")) codes.push("hidden_unicode");
+  if (warningCodes.has("external_script_metadata_only")) codes.push("external_script_metadata_only");
+  if (warningCodes.has("unreviewed_source") || warningCodes.has("blocked_source")) {
+    codes.push("blocked_or_unreviewed_source");
+  }
+  const rawText = [skill.workflow, skill.whenToUse, skill.description, skill.antiPatterns, skill.stopConditions].join(" ");
+  const bypassPat = /\b(ignore|bypass|disable|remove)\s+(?:the\s+)?(?:policy|guardrails|audit|proof|verification|review)\b/i;
+  if (warningCodes.has("policy_bypass_phrase") || bypassPat.test(rawText)) codes.push("policy_bypass_phrase");
+  const autoExecPat = /\b(auto-?run|execute automatically|run immediately|always execute)\b/i;
+  if (warningCodes.has("unsafe_auto_execution_phrase") || autoExecPat.test(rawText)) codes.push("unsafe_auto_execution_phrase");
+  if (/\b(curl|wget|fetch)\b.*\b(http|https):\/\//i.test(rawText)) codes.push("network_or_remote_fetch");
+  if (/\b(bash|sh|shell|exec|spawn|child_process)\b/i.test(rawText)) codes.push("shell_execution_language");
+  if (/\bmcp[_\s]server\b/i.test(rawText)) codes.push("mcp_server_reference");
+  if (/\b(browser[_\s]control|headless[_\s]browser|pw[_\s]browser|selenium[_\s]driver)\b/i.test(rawText)) codes.push("browser_control_reference");
+  if (/\b(write[_\s]file|fs\.write|writeFileSync|create[_\s]file)\b/i.test(rawText)) codes.push("broad_file_write_language");
+  if (/\b(secret|api[_\s]key|password|credential|token)\b/i.test(rawText)) codes.push("secret_access_language");
+  return [...new Set(codes)];
+}
+function detectStalenessReasonCodes(skill) {
+  const codes = [];
+  if (skill.warnings?.some((w) => w.code === "missing_supporting_file")) {
+    codes.push("missing_supporting_file");
+  }
+  if (skill.sourceReviewStatus === "deferred" || skill.deferredReason?.includes("deferred")) {
+    codes.push("deferred_or_blocked_source");
+  }
+  return codes;
+}
+function isSkillUnsafe(skill) {
+  const secCodes = detectSecurityHygieneReasonCodes(skill);
+  const criticalCodes = new Set([
+    "hidden_unicode",
+    "policy_bypass_phrase",
+    "unsafe_auto_execution_phrase",
+    "blocked_or_unreviewed_source",
+  ]);
+  return secCodes.some((c) => criticalCodes.has(c));
+}
+function selectPrimaryFromGroup(skills) {
+  const sorted = [...skills].sort((a, b) => {
+    const aScore = primaryScore(a);
+    const bScore = primaryScore(b);
+    if (bScore !== aScore) return bScore - aScore;
+    return a.id.localeCompare(b.id);
+  });
+  return sorted[0];
+}
+function primaryScore(skill) {
+  let score = 0;
+  if (skill.packId === "avorelo") score += 10;
+  else if (skill.sourceReviewStatus === "trusted") score += 8;
+  else if (skill.sourceReviewStatus === "reviewed") score += 6;
+  if (skill.routeEligible) score += 4;
+  const secCodes = detectSecurityHygieneReasonCodes(skill);
+  score -= secCodes.length * 2;
+  if (skill.contextWeight?.label === "low") score += 2;
+  else if (skill.contextWeight?.label === "medium") score += 1;
+  else if (skill.contextWeight?.label === "high") score -= 1;
+  return score;
+}
+function extractBoundedContributions(primarySkill, shadowSkill) {
+  const contributions = [];
+  const primaryChecks = tokenize(primarySkill.requiredChecks || primarySkill.definitionOfDone || "");
+  const shadowChecks = tokenize(shadowSkill.requiredChecks || shadowSkill.definitionOfDone || "");
+  if (shadowChecks.length > 0) {
+    const overlap = jaccardSimilarity(new Set(primaryChecks), new Set(shadowChecks));
+    if (overlap < 0.6 && shadowChecks.length <= 20) {
+      const uniqueTokens = shadowChecks.filter((t) => !primaryChecks.includes(t));
+      if (uniqueTokens.length >= 2) {
+        const secCodes = detectSecurityHygieneReasonCodes(shadowSkill);
+        const hasRisky = secCodes.some((c) => RISKY_CONTRIBUTION_REASON_CODES.has(c));
+        if (!hasRisky) {
+          contributions.push({
+            fromSkill: shadowSkill.id,
+            type: "verification_check",
+            text: `Verify: ${uniqueTokens.slice(0, 8).join(", ")}`,
+            reasonCodes: ["unique_verification_check", "non_conflicting"],
+            contextTokensEstimated: Math.min(uniqueTokens.length * 2, MAX_CONTRIBUTION_TOKENS),
+          });
+        }
+      }
+    }
+  }
+  const primaryWhenNot = tokenize(primarySkill.whenNotToUse || "");
+  const shadowWhenNot = tokenize(shadowSkill.whenNotToUse || "");
+  if (shadowWhenNot.length > 2) {
+    const overlap = jaccardSimilarity(new Set(primaryWhenNot), new Set(shadowWhenNot));
+    if (overlap < 0.5 && shadowWhenNot.length <= 15) {
+      const uniqueTokens = shadowWhenNot.filter((t) => !primaryWhenNot.includes(t));
+      if (uniqueTokens.length >= 2) {
+        contributions.push({
+          fromSkill: shadowSkill.id,
+          type: "edge_case",
+          text: `Edge: ${uniqueTokens.slice(0, 6).join(", ")}`,
+          reasonCodes: ["unique_edge_case", "non_conflicting"],
+          contextTokensEstimated: Math.min(uniqueTokens.length * 2, MAX_CONTRIBUTION_TOKENS),
+        });
+      }
+    }
+  }
+  return contributions.slice(0, MAX_ACCEPTED_CONTRIBUTIONS);
+}
+function classifyContribution(contribution, primarySkill, shadowSkill) {
+  if (!ALLOWED_CONTRIBUTION_TYPES.has(contribution.type)) {
+    return {
+      ...contribution,
+      accepted: false,
+      reasonCodes: [...(contribution.reasonCodes || []), "disallowed_contribution_type"],
+    };
+  }
+  if (BLOCKED_CONTRIBUTION_TYPES.has(contribution.type)) {
+    return {
+      ...contribution,
+      accepted: false,
+      reasonCodes: [...(contribution.reasonCodes || []), "blocked_type"],
+    };
+  }
+  const secCodes = detectSecurityHygieneReasonCodes(shadowSkill);
+  const hasRisky = secCodes.some((c) => RISKY_CONTRIBUTION_REASON_CODES.has(c));
+  if (hasRisky) {
+    return {
+      ...contribution,
+      accepted: false,
+      reasonCodes: [...(contribution.reasonCodes || []), ...secCodes.filter((c) => RISKY_CONTRIBUTION_REASON_CODES.has(c))],
+    };
+  }
+  return { ...contribution, accepted: true };
+}
+function detectDuplicateGroups(skills) {
+  const groups = [];
+  const grouped = new Set();
+  for (let i = 0; i < skills.length; i++) {
+    if (grouped.has(skills[i].id)) continue;
+    const group = [skills[i]];
+    const groupReasons = {};
+    for (let j = i + 1; j < skills.length; j++) {
+      if (grouped.has(skills[j].id)) continue;
+      const codes = detectDuplicateReasonCodes(skills[i], skills[j]);
+      if (codes.length > 0) {
+        group.push(skills[j]);
+        groupReasons[skills[j].id] = codes;
+        grouped.add(skills[j].id);
+      }
+    }
+    if (group.length > 1) {
+      grouped.add(skills[i].id);
+      groups.push({
+        skillIds: group.map((s) => s.id),
+        reasonCodes: groupReasons,
+      });
+    }
+  }
+  return groups;
+}
+function detectConflictGroups(skills) {
+  const groups = [];
+  const seen = new Set();
+  for (let i = 0; i < skills.length; i++) {
+    for (let j = i + 1; j < skills.length; j++) {
+      const key = `${skills[i].id}::${skills[j].id}`;
+      if (seen.has(key)) continue;
+      const codes = detectConflictReasonCodes(skills[i], skills[j]);
+      if (codes.length > 0) {
+        seen.add(key);
+        groups.push({
+          skillIds: [skills[i].id, skills[j].id],
+          reasonCodes: codes,
+        });
+      }
+    }
+  }
+  return groups;
+}
+function buildSkillHygiene(registry, options = {}) {
+  const skills = (registry.skills || []).filter((s) => s.routeEligible);
+  const allSkills = registry.skills || [];
+  const duplicateGroups = detectDuplicateGroups(skills);
+  const conflictGroups = detectConflictGroups(skills);
+  const contextHeavySkills = allSkills
+    .filter((s) => s.contextWeight?.label === "high")
+    .map((s) => ({ skillId: s.id, reasonCodes: detectContextHeavyReasonCodes(s) }));
+  const unsafeSkills = allSkills
+    .filter((s) => isSkillUnsafe(s))
+    .map((s) => ({ skillId: s.id, reasonCodes: detectSecurityHygieneReasonCodes(s) }));
+  const shadowCandidates = [];
+  const routingGuards = [];
+  duplicateGroups.forEach((group) => {
+    const groupSkills = group.skillIds
+      .map((id) => skills.find((s) => s.id === id))
+      .filter(Boolean);
+    const primary = selectPrimaryFromGroup(groupSkills);
+    const shadows = groupSkills.filter((s) => s.id !== primary.id);
+    shadows.forEach((shadow) => {
+      const rawContribs = extractBoundedContributions(primary, shadow);
+      const classified = rawContribs.map((c) => classifyContribution(c, primary, shadow));
+      const accepted = classified.filter((c) => c.accepted);
+      const rejected = classified.filter((c) => !c.accepted);
+      shadowCandidates.push({
+        skillId: shadow.id,
+        primarySkillId: primary.id,
+        duplicateReasonCodes: group.reasonCodes[shadow.id] || [],
+        acceptedContributions: accepted,
+        rejectedContributions: rejected,
+      });
+    });
+    const conflictsForGroup = conflictGroups.filter((cg) =>
+      cg.skillIds.some((id) => group.skillIds.includes(id))
+    );
+    const acceptedFromShadows = shadowCandidates
+      .filter((sc) => sc.primarySkillId === primary.id)
+      .flatMap((sc) => sc.acceptedContributions);
+    const hygieneDecision = conflictsForGroup.length > 0
+      ? "selected_primary_only"
+      : acceptedFromShadows.length > 0
+      ? "primary_plus_bounded_contributions"
+      : "deduped";
+    routingGuards.push({
+      taskCapabilityScope: primary.capabilityBindingSuggestions?.slice(0, 3) || [],
+      primarySkillId: primary.id,
+      suppressedSkillIds: shadows.map((s) => s.id),
+      hygieneDecision,
+      reasonCodes: group.reasonCodes,
+      conflictAvoided: conflictsForGroup.flatMap((cg) => cg.reasonCodes),
+    });
+  });
+  const allReasonCodes = [
+    ...duplicateGroups.flatMap((g) => Object.values(g.reasonCodes).flat()),
+    ...conflictGroups.flatMap((g) => g.reasonCodes),
+    ...contextHeavySkills.flatMap((s) => s.reasonCodes),
+  ];
+  const reasonCodeCounts = {};
+  allReasonCodes.forEach((code) => {
+    reasonCodeCounts[code] = (reasonCodeCounts[code] || 0) + 1;
+  });
+  const topReasonCodes = Object.entries(reasonCodeCounts)
+    .sort((a, b) => b[1] - a[1])
+    .slice(0, 8)
+    .map(([code]) => code);
+  const totalAccepted = shadowCandidates.reduce((sum, sc) => sum + sc.acceptedContributions.length, 0);
+  const totalRejected = shadowCandidates.reduce((sum, sc) => sum + sc.rejectedContributions.length, 0);
+  const routeEligibleAfterHygiene = skills.length - shadowCandidates.length;
+  const hygieneStatus =
+    unsafeSkills.length > 0 || conflictGroups.length > 0 ? "action_needed"
+    : duplicateGroups.length > 0 || contextHeavySkills.length > 0 ? "watch"
+    : "clean";
+  const nextAction =
+    hygieneStatus === "action_needed"
+      ? "Review unsafe or conflicting skills. Run `avorelo skills hygiene --json` for details."
+      : hygieneStatus === "watch"
+      ? "Duplicate groups detected. Check shadow candidates for context savings."
+      : "Skills hygiene is clean. No duplicate full activation detected.";
+  return {
+    schemaVersion: HYGIENE_SCHEMA_VERSION,
+    contract: HYGIENE_CONTRACT,
+    generatedAt: new Date().toISOString(),
+    summary: {
+      totalSkills: allSkills.length,
+      routeEligibleSkills: skills.length,
+      duplicateGroups: duplicateGroups.length,
+      conflictGroups: conflictGroups.length,
+      shadowCandidates: shadowCandidates.length,
+      acceptedContributions: totalAccepted,
+      rejectedContributions: totalRejected,
+      contextHeavySkills: contextHeavySkills.length,
+      unsafeSkills: unsafeSkills.length,
+      routeEligibleAfterHygiene,
+    },
+    duplicateGroups,
+    conflictGroups,
+    shadowCandidates,
+    routingGuards,
+    contextHeavySkills,
+    unsafeSkills,
+    topReasonCodes,
+    hygieneStatus,
+    nextAction,
+    redacted: true,
+  };
+}
+function selectPrimarySkillForTask(skills, task, options = {}) {
+  const taskText = String(task || "").trim();
+  const eligible = skills.filter((s) => s.routeEligible && !isSkillUnsafe(s));
+  if (eligible.length === 0) return null;
+  const scored = eligible.map((s) => ({ skill: s, score: primaryScore(s) }));
+  scored.sort((a, b) => {
+    if (b.score !== a.score) return b.score - a.score;
+    return a.skill.id.localeCompare(b.skill.id);
+  });
+  return scored[0]?.skill || null;
+}
+function buildBoundedContributions(primarySkill, shadowSkills, options = {}) {
+  const allContributions = [];
+  for (const shadow of shadowSkills) {
+    const raw = extractBoundedContributions(primarySkill, shadow);
+    const classified = raw.map((c) => classifyContribution(c, primarySkill, shadow));
+    allContributions.push(...classified);
+    if (allContributions.filter((c) => c.accepted).length >= MAX_ACCEPTED_CONTRIBUTIONS) break;
+  }
+  return {
+    accepted: allContributions.filter((c) => c.accepted).slice(0, MAX_ACCEPTED_CONTRIBUTIONS),
+    rejected: allContributions.filter((c) => !c.accepted),
+  };
+}
+function buildRouteHygiene(registry, routeResult, options = {}) {
+  const hygiene = buildSkillHygiene(registry, options);
+  const primaryId = routeResult.primarySkill?.id || null;
+  if (!primaryId) {
+    return {
+      hygieneDecision: "clean",
+      primarySkill: null,
+      suppressedDuplicateSkills: [],
+      shadowSkills: [],
+      acceptedContributions: [],
+      rejectedContributions: [],
+      conflictAvoided: [],
+      contextBudgetApplied: false,
+      reasonCodes: [],
+      hygieneWarnings: [],
+    };
+  }
+  const isUnsafe = hygiene.unsafeSkills.some((u) => u.skillId === primaryId);
+  if (isUnsafe) {
+    return {
+      hygieneDecision: "blocked_from_auto_route",
+      primarySkill: primaryId,
+      suppressedDuplicateSkills: [],
+      shadowSkills: [],
+      acceptedContributions: [],
+      rejectedContributions: [],
+      conflictAvoided: [],
+      contextBudgetApplied: false,
+      reasonCodes: hygiene.unsafeSkills.find((u) => u.skillId === primaryId)?.reasonCodes || [],
+      hygieneWarnings: ["primary_skill_flagged_unsafe"],
+    };
+  }
+  const guardForPrimary = hygiene.routingGuards.find((g) => g.primarySkillId === primaryId);
+  if (guardForPrimary) {
+    const shadowCandidatesForPrimary = hygiene.shadowCandidates.filter((sc) => sc.primarySkillId === primaryId);
+    return {
+      hygieneDecision: guardForPrimary.hygieneDecision,
+      primarySkill: primaryId,
+      suppressedDuplicateSkills: guardForPrimary.suppressedSkillIds,
+      shadowSkills: shadowCandidatesForPrimary.map((sc) => sc.skillId),
+      acceptedContributions: shadowCandidatesForPrimary.flatMap((sc) => sc.acceptedContributions),
+      rejectedContributions: shadowCandidatesForPrimary.flatMap((sc) => sc.rejectedContributions),
+      conflictAvoided: guardForPrimary.conflictAvoided,
+      contextBudgetApplied: guardForPrimary.suppressedSkillIds.length > 0,
+      reasonCodes: Object.values(guardForPrimary.reasonCodes || {}).flat(),
+      hygieneWarnings: [],
+    };
+  }
+  const shadowEntry = hygiene.shadowCandidates.find((sc) => sc.skillId === primaryId);
+  if (shadowEntry) {
+    const hygienePrimary = shadowEntry.primarySkillId;
+    const guardForHygienePrimary = hygiene.routingGuards.find((g) => g.primarySkillId === hygienePrimary);
+    return {
+      hygieneDecision: "deduped",
+      primarySkill: primaryId,
+      suppressedDuplicateSkills: [],
+      shadowSkills: [],
+      acceptedContributions: shadowEntry.acceptedContributions || [],
+      rejectedContributions: shadowEntry.rejectedContributions || [],
+      conflictAvoided: guardForHygienePrimary?.conflictAvoided || [],
+      contextBudgetApplied: false,
+      reasonCodes: shadowEntry.duplicateReasonCodes || [],
+      hygieneWarnings: [`route_primary_is_shadow_under_${hygienePrimary}`],
+    };
+  }
+  const isContextHeavy = hygiene.contextHeavySkills.some((c) => c.skillId === primaryId);
+  return {
+    hygieneDecision: "clean",
+    primarySkill: primaryId,
+    suppressedDuplicateSkills: [],
+    shadowSkills: [],
+    acceptedContributions: [],
+    rejectedContributions: [],
+    conflictAvoided: [],
+    contextBudgetApplied: false,
+    reasonCodes: [],
+    hygieneWarnings: isContextHeavy ? ["primary_skill_context_heavy_lazy_load_recommended"] : [],
+  };
+}
+function buildSkillIntakeCheck(cwd, candidateSkillPath, options = {}) {
+  const registry = options.registry || null;
+  let candidateSkill;
+  try {
+    const absPath = path.resolve(cwd, candidateSkillPath);
+    candidateSkill = parseSkillFile(cwd, absPath);
+  } catch (err) {
+    return {
+      schemaVersion: HYGIENE_SCHEMA_VERSION,
+      contract: "avorelo.skillIntakeCheck.v1",
+      generatedAt: new Date().toISOString(),
+      candidatePath: candidateSkillPath,
+      decision: "block",
+      reasonCodes: ["parse_error"],
+      message: `Could not parse candidate skill: ${err.message}`,
+      duplicateMatches: [],
+      conflictMatches: [],
+      securityFlags: [],
+      redacted: true,
+    };
+  }
+  const secCodes = detectSecurityHygieneReasonCodes(candidateSkill);
+  const criticalSec = ["hidden_unicode", "policy_bypass_phrase", "unsafe_auto_execution_phrase", "blocked_or_unreviewed_source"];
+  if (secCodes.some((c) => criticalCodes.has(c))) {
+    return {
+      schemaVersion: HYGIENE_SCHEMA_VERSION,
+      contract: "avorelo.skillIntakeCheck.v1",
+      generatedAt: new Date().toISOString(),
+      candidatePath: candidateSkillPath,
+      decision: "block",
+      reasonCodes: secCodes,
+      message: "Candidate skill has critical security flags and cannot be admitted.",
+      duplicateMatches: [],
+      conflictMatches: [],
+      securityFlags: secCodes,
+      redacted: true,
+    };
+  }
+  const existingSkills = registry ? (registry.skills || []) : [];
+  const duplicateMatches = [];
+  const conflictMatches = [];
+  existingSkills.forEach((existing) => {
+    const dupCodes = detectDuplicateReasonCodes(candidateSkill, existing);
+    if (dupCodes.length > 0) {
+      duplicateMatches.push({ skillId: existing.id, reasonCodes: dupCodes });
+    }
+    const conflictCodes = detectConflictReasonCodes(candidateSkill, existing);
+    if (conflictCodes.length > 0) {
+      conflictMatches.push({ skillId: existing.id, reasonCodes: conflictCodes });
+    }
+  });
+  let decision = "allow";
+  if (conflictMatches.length > 0) {
+    decision = "block";
+  } else if (duplicateMatches.length > 0 && duplicateMatches.some((m) => m.reasonCodes.includes("same_capability_binding") || m.reasonCodes.includes("high_description_overlap"))) {
+    decision = "merge_recommended";
+  } else if (duplicateMatches.length > 0) {
+    decision = "warn";
+  }
+  const reasonCodes = [
+    ...(duplicateMatches.flatMap((m) => m.reasonCodes)),
+    ...(conflictMatches.flatMap((m) => m.reasonCodes)),
+    ...secCodes,
+  ];
+  return {
+    schemaVersion: HYGIENE_SCHEMA_VERSION,
+    contract: "avorelo.skillIntakeCheck.v1",
+    generatedAt: new Date().toISOString(),
+    candidatePath: candidateSkillPath,
+    candidateSkillId: candidateSkill.id,
+    candidateSkillName: candidateSkill.name,
+    decision,
+    reasonCodes: [...new Set(reasonCodes)],
+    message: intakeDecisionMessage(decision, duplicateMatches, conflictMatches),
+    duplicateMatches,
+    conflictMatches,
+    securityFlags: secCodes,
+    redacted: true,
+  };
+}
+function intakeDecisionMessage(decision, duplicateMatches, conflictMatches) {
+  if (decision === "block") return `Candidate skill conflicts with ${conflictMatches.length} existing skill(s). Review conflicts before admission.`;
+  if (decision === "merge_recommended") return `Candidate skill overlaps significantly with ${duplicateMatches.length} existing skill(s). Consider merging or extracting unique contributions.`;
+  if (decision === "warn") return `Candidate skill has minor overlap with ${duplicateMatches.length} existing skill(s). Review before adding.`;
+  return "Candidate skill passes hygiene checks.";
+}
+function summarizeSkillHygiene(hygiene) {
+  const s = hygiene.summary || {};
+  return {
+    hygieneStatus: hygiene.hygieneStatus,
+    totalSkills: s.totalSkills,
+    duplicateGroups: s.duplicateGroups,
+    conflictGroups: s.conflictGroups,
+    shadowCandidates: s.shadowCandidates,
+    acceptedContributions: s.acceptedContributions,
+    contextHeavySkills: s.contextHeavySkills,
+    unsafeSkills: s.unsafeSkills,
+    routeEligibleAfterHygiene: s.routeEligibleAfterHygiene,
+    topReasonCodes: hygiene.topReasonCodes || [],
+    nextAction: hygiene.nextAction,
+  };
+}
+function formatSkillHygieneText(hygiene) {
+  const s = hygiene.summary || {};
+  const lines = [
+    `Skills Hygiene: ${(hygiene.hygieneStatus || "clean").toUpperCase()} · deduped=${s.duplicateGroups || 0} · shadow=${s.shadowCandidates || 0} · contributions=${s.acceptedContributions || 0} · conflicts=${s.conflictGroups || 0}`,
+    `  total=${s.totalSkills || 0} · context_heavy=${s.contextHeavySkills || 0} · unsafe=${s.unsafeSkills || 0} · eligible_after_hygiene=${s.routeEligibleAfterHygiene || 0}`,
+  ];
+  if (hygiene.topReasonCodes?.length) {
+    lines.push(`  top_reason_codes: ${hygiene.topReasonCodes.slice(0, 5).join(", ")}`);
+  }
+  if (hygiene.duplicateGroups?.length) {
+    lines.push("");
+    lines.push("Duplicate Groups:");
+    hygiene.duplicateGroups.forEach((g) => {
+      lines.push(`  [${g.skillIds.join(" vs ")}] — ${Object.values(g.reasonCodes).flat().join(", ")}`);
+    });
+  }
+  if (hygiene.shadowCandidates?.length) {
+    lines.push("");
+    lines.push("Shadow Candidates:");
+    hygiene.shadowCandidates.forEach((sc) => {
+      const contrib = sc.acceptedContributions?.length || 0;
+      lines.push(`  ${sc.skillId} → shadow under ${sc.primarySkillId} (contributions=${contrib})`);
+    });
+  }
+  if (hygiene.conflictGroups?.length) {
+    lines.push("");
+    lines.push("Conflict Groups:");
+    hygiene.conflictGroups.forEach((g) => {
+      lines.push(`  [${g.skillIds.join(" vs ")}] — ${g.reasonCodes.join(", ")}`);
+    });
+  }
+  lines.push("");
+  lines.push(hygiene.nextAction || "");
+  return lines.join("\n");
+}
+function formatSkillIntakeCheckText(check) {
+  const lines = [
+    `Skill Intake Check: ${(check.decision || "allow").toUpperCase()} — ${check.candidateSkillId || check.candidatePath}`,
+    `  ${check.message}`,
+  ];
+  if (check.duplicateMatches?.length) {
+    lines.push(`  duplicate_matches: ${check.duplicateMatches.map((m) => m.skillId).join(", ")}`);
+  }
+  if (check.conflictMatches?.length) {
+    lines.push(`  conflict_matches: ${check.conflictMatches.map((m) => m.skillId).join(", ")}`);
+  }
+  if (check.securityFlags?.length) {
+    lines.push(`  security_flags: ${check.securityFlags.join(", ")}`);
+  }
+  return lines.join("\n");
+}
+const criticalCodes = new Set([
+  "hidden_unicode",
+  "policy_bypass_phrase",
+  "unsafe_auto_execution_phrase",
+  "blocked_or_unreviewed_source",
+]);
+module.exports = {
+  HYGIENE_CONTRACT,
+  HYGIENE_SCHEMA_VERSION,
+  buildSkillHygiene,
+  buildSkillIntakeCheck,
+  selectPrimarySkillForTask,
+  buildBoundedContributions,
+  buildRouteHygiene,
+  summarizeSkillHygiene,
+  formatSkillHygieneText,
+  formatSkillIntakeCheckText,
+  detectDuplicateReasonCodes,
+  detectConflictReasonCodes,
+  detectContextHeavyReasonCodes,
+  detectSecurityHygieneReasonCodes,
+  isSkillUnsafe,
+};