npm - avorelo - Versions diffs - 0.1.0 - Mend

avorelo 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (258) hide show

package/LICENSE +21 -0
package/README.md +56 -0
package/bin/avorelo +9 -0
package/package.json +135 -0
package/scripts/README.md +40 -0
package/scripts/cco-dashboard.js +252 -0
package/scripts/cco-status.js +430 -0
package/scripts/lib/activation/account-state.js +37 -0
package/scripts/lib/activation/activation-runner.js +546 -0
package/scripts/lib/activation/activation-self-healing.js +480 -0
package/scripts/lib/activation/activation-state.js +83 -0
package/scripts/lib/activation/activation-summary.js +191 -0
package/scripts/lib/activation/adapters/claude-code.js +77 -0
package/scripts/lib/activation/adapters/codex-cli.js +52 -0
package/scripts/lib/activation/adapters/cursor.js +37 -0
package/scripts/lib/activation/adapters/github-agent.js +39 -0
package/scripts/lib/activation/adapters/terminal.js +42 -0
package/scripts/lib/activation/adapters/vscode.js +39 -0
package/scripts/lib/activation/adapters/windsurf.js +37 -0
package/scripts/lib/activation/ai-surface-detector.js +151 -0
package/scripts/lib/activation/connect-account.js +145 -0
package/scripts/lib/activation/detect-environment.js +75 -0
package/scripts/lib/activation/detect-hosts.js +62 -0
package/scripts/lib/activation/format-activation-output.js +109 -0
package/scripts/lib/activation/next-action.js +43 -0
package/scripts/lib/activation/repair-engine.js +219 -0
package/scripts/lib/activation-distribution-readiness.js +507 -0
package/scripts/lib/adapter-conformance.js +176 -0
package/scripts/lib/adapter-readiness.js +417 -0
package/scripts/lib/adapter-safety-boundaries.js +335 -0
package/scripts/lib/adapter-technical-readiness-gate.js +205 -0
package/scripts/lib/agent-access-governance.js +455 -0
package/scripts/lib/agent-enforcement.js +765 -0
package/scripts/lib/agent-policy-profile.js +210 -0
package/scripts/lib/agent-security/action-evaluator.js +507 -0
package/scripts/lib/agent-security/adapter-registry.js +98 -0
package/scripts/lib/agent-security/auto-policy.js +139 -0
package/scripts/lib/agent-security/bounded-scan.js +93 -0
package/scripts/lib/agent-security/enforcement-adapter.js +174 -0
package/scripts/lib/agent-security/enforcement-engine.js +1129 -0
package/scripts/lib/agent-security/file-write-adapter.js +183 -0
package/scripts/lib/agent-security/file-write-rules.js +178 -0
package/scripts/lib/agent-security/index.js +3342 -0
package/scripts/lib/agent-security/instruction-risk.js +181 -0
package/scripts/lib/agent-security/mcp-action-adapter.js +185 -0
package/scripts/lib/agent-security/mcp-action-rules.js +184 -0
package/scripts/lib/agent-security/package-action-adapter.js +175 -0
package/scripts/lib/agent-security/package-action-rules.js +233 -0
package/scripts/lib/agent-security/performance.js +148 -0
package/scripts/lib/agent-security/permission-minimizer.js +403 -0
package/scripts/lib/agent-security/scan-cache.js +74 -0
package/scripts/lib/agent-security/source-trust.js +146 -0
package/scripts/lib/ai-install-prompt.js +288 -0
package/scripts/lib/ai-workspace-hygiene.js +1499 -0
package/scripts/lib/alpha-activation.js +520 -0
package/scripts/lib/alpha-feedback.js +263 -0
package/scripts/lib/alpha-readiness-gate.js +332 -0
package/scripts/lib/anti-gaming.js +169 -0
package/scripts/lib/artifact-health.js +431 -0
package/scripts/lib/attribution.js +180 -0
package/scripts/lib/audit.js +289 -0
package/scripts/lib/avorelo-skill-registry.js +810 -0
package/scripts/lib/batch-jobs.js +71 -0
package/scripts/lib/brain-pack.js +578 -0
package/scripts/lib/brand-boundary.js +424 -0
package/scripts/lib/brand.js +74 -0
package/scripts/lib/browser-capability.js +1048 -0
package/scripts/lib/browser-proof-preflight.js +321 -0
package/scripts/lib/cache-readiness.js +187 -0
package/scripts/lib/canonical-reentry.js +162 -0
package/scripts/lib/capability-packs.js +314 -0
package/scripts/lib/capability-recommender.js +512 -0
package/scripts/lib/capability-registry.js +1059 -0
package/scripts/lib/carry-forward-surfacing.js +194 -0
package/scripts/lib/ccusage-adapter.js +188 -0
package/scripts/lib/company-loop.js +1149 -0
package/scripts/lib/config.js +637 -0
package/scripts/lib/context-acquisition-plan.js +287 -0
package/scripts/lib/context-budget-guard.js +170 -0
package/scripts/lib/context-budget-scanner.js +257 -0
package/scripts/lib/context-optimizer.js +715 -0
package/scripts/lib/context-reduction-plan.js +178 -0
package/scripts/lib/context-safety.js +88 -0
package/scripts/lib/context-savings-engine.js +158 -0
package/scripts/lib/cost-evidence.js +254 -0
package/scripts/lib/cross-host-install-plan.js +308 -0
package/scripts/lib/cross-host-install-readiness.js +237 -0
package/scripts/lib/cross-host-value-flow.js +268 -0
package/scripts/lib/dashboard.js +900 -0
package/scripts/lib/design-partner-feedback.js +346 -0
package/scripts/lib/entitlements.js +100 -0
package/scripts/lib/execution-packet.js +559 -0
package/scripts/lib/experimentation-events.js +547 -0
package/scripts/lib/external-capability-compliance.js +107 -0
package/scripts/lib/external-user-simulation.js +166 -0
package/scripts/lib/failure-recovery-readiness.js +81 -0
package/scripts/lib/failure-recovery.js +419 -0
package/scripts/lib/feedback-intelligence.js +537 -0
package/scripts/lib/feedback-signals.js +205 -0
package/scripts/lib/file-integrity.js +68 -0
package/scripts/lib/fsx.js +127 -0
package/scripts/lib/full-readiness-gate.js +451 -0
package/scripts/lib/guidance-builder.js +174 -0
package/scripts/lib/hook-apply.js +1019 -0
package/scripts/lib/hook-baseline.js +310 -0
package/scripts/lib/hook-config-preview.js +275 -0
package/scripts/lib/hook-contracts.js +290 -0
package/scripts/lib/hook-safety-boundary-readiness.js +80 -0
package/scripts/lib/host-capability-matrix.js +351 -0
package/scripts/lib/host-support-context.js +254 -0
package/scripts/lib/http-hook-action.js +538 -0
package/scripts/lib/install-ai-readiness.js +84 -0
package/scripts/lib/install-intake-risk.js +1037 -0
package/scripts/lib/install-journey-intelligence.js +329 -0
package/scripts/lib/intervention-guidance.js +57 -0
package/scripts/lib/known-limitations.js +115 -0
package/scripts/lib/l8-path-truth.js +146 -0
package/scripts/lib/launch-hardening-gate.js +436 -0
package/scripts/lib/launch-readiness.js +628 -0
package/scripts/lib/learning-memory.js +686 -0
package/scripts/lib/lifecycle-hooks.js +802 -0
package/scripts/lib/local-package-smoke.js +423 -0
package/scripts/lib/local-pricing.js +299 -0
package/scripts/lib/mcp-enforcement.js +311 -0
package/scripts/lib/mcp-least-privilege-policy.js +303 -0
package/scripts/lib/mcp-tool-inventory.js +388 -0
package/scripts/lib/mcp-tool-risk.js +0 -0
package/scripts/lib/memory.js +335 -0
package/scripts/lib/metrics.js +699 -0
package/scripts/lib/micro-proof.js +133 -0
package/scripts/lib/next-run-context.js +436 -0
package/scripts/lib/operating-value.js +1648 -0
package/scripts/lib/optimization-v3.js +122 -0
package/scripts/lib/orchestration/adapters/_shared.js +49 -0
package/scripts/lib/orchestration/adapters/aider.js +18 -0
package/scripts/lib/orchestration/adapters/claude-code.js +35 -0
package/scripts/lib/orchestration/adapters/codex.js +35 -0
package/scripts/lib/orchestration/adapters/gemini-cli.js +18 -0
package/scripts/lib/orchestration/adapters/git.js +25 -0
package/scripts/lib/orchestration/adapters/index.js +31 -0
package/scripts/lib/orchestration/adapters/lm-studio.js +18 -0
package/scripts/lib/orchestration/adapters/ollama.js +18 -0
package/scripts/lib/orchestration/adapters/opencode.js +18 -0
package/scripts/lib/orchestration/adapters/openrouter.js +18 -0
package/scripts/lib/orchestration/adapters/test-runner.js +25 -0
package/scripts/lib/orchestration/cli.js +438 -0
package/scripts/lib/orchestration/execution-manager.js +279 -0
package/scripts/lib/orchestration/handoff.js +314 -0
package/scripts/lib/orchestration/index.js +456 -0
package/scripts/lib/orchestration/inventory.js +47 -0
package/scripts/lib/orchestration/model-discovery.js +498 -0
package/scripts/lib/orchestration/model-profiler.js +170 -0
package/scripts/lib/orchestration/model-profiles.js +252 -0
package/scripts/lib/orchestration/model-refresh-policy.js +72 -0
package/scripts/lib/orchestration/proof-writer.js +349 -0
package/scripts/lib/orchestration/provider-discovery/aider.js +49 -0
package/scripts/lib/orchestration/provider-discovery/claude-code.js +56 -0
package/scripts/lib/orchestration/provider-discovery/codex.js +49 -0
package/scripts/lib/orchestration/provider-discovery/common.js +186 -0
package/scripts/lib/orchestration/provider-discovery/gemini.js +106 -0
package/scripts/lib/orchestration/provider-discovery/lm-studio.js +118 -0
package/scripts/lib/orchestration/provider-discovery/models-dev.js +12 -0
package/scripts/lib/orchestration/provider-discovery/ollama.js +100 -0
package/scripts/lib/orchestration/provider-discovery/opencode.js +47 -0
package/scripts/lib/orchestration/provider-discovery/openrouter.js +44 -0
package/scripts/lib/orchestration/risk-classifier.js +130 -0
package/scripts/lib/orchestration/routing-policy.js +486 -0
package/scripts/lib/orchestration/settings.js +112 -0
package/scripts/lib/orchestration/state.js +165 -0
package/scripts/lib/orchestration/verification-manager.js +138 -0
package/scripts/lib/output-profiles.js +146 -0
package/scripts/lib/package-content-audit.js +368 -0
package/scripts/lib/package-runtime.js +278 -0
package/scripts/lib/plan-surface.js +53 -0
package/scripts/lib/plans.js +2318 -0
package/scripts/lib/policy-provider.js +27 -0
package/scripts/lib/prelaunch-activation-readiness.js +409 -0
package/scripts/lib/prelaunch-evidence-store.js +816 -0
package/scripts/lib/prelaunch-intelligence.js +869 -0
package/scripts/lib/pricing-experiment.js +118 -0
package/scripts/lib/pro-moment-events.js +77 -0
package/scripts/lib/pro-moment-state.js +227 -0
package/scripts/lib/pro-moments.js +1216 -0
package/scripts/lib/product-learning-events.js +629 -0
package/scripts/lib/project-profile.js +555 -0
package/scripts/lib/prompt-compiler.js +280 -0
package/scripts/lib/prompt-lint.js +32 -0
package/scripts/lib/prompt-suggestions.js +52 -0
package/scripts/lib/proof-canonical.js +398 -0
package/scripts/lib/proof-drilldown.js +383 -0
package/scripts/lib/proof-events.js +342 -0
package/scripts/lib/proof-history.js +243 -0
package/scripts/lib/proof-metrics.js +296 -0
package/scripts/lib/proof-outcome-evidence.js +134 -0
package/scripts/lib/proof-receipt.js +335 -0
package/scripts/lib/proof-record.js +461 -0
package/scripts/lib/public-activation-distribution-gate.js +258 -0
package/scripts/lib/public-cli.js +3891 -0
package/scripts/lib/public-distribution-truth.js +211 -0
package/scripts/lib/public-install-claim-checker.js +294 -0
package/scripts/lib/publish-provenance-readiness.js +283 -0
package/scripts/lib/readiness-delta.js +218 -0
package/scripts/lib/readiness-evidence-closure.js +196 -0
package/scripts/lib/reentry-memory-capture.js +241 -0
package/scripts/lib/reentry-memory-retrieval.js +302 -0
package/scripts/lib/reentry-memory-status.js +146 -0
package/scripts/lib/reentry-memory-store.js +178 -0
package/scripts/lib/reentry-state.js +66 -0
package/scripts/lib/release-candidate-bundle.js +166 -0
package/scripts/lib/remediation.js +81 -0
package/scripts/lib/repo-map.js +391 -0
package/scripts/lib/run-improvements-lifecycle.js +330 -0
package/scripts/lib/run-improvements.js +789 -0
package/scripts/lib/runtime-decision-policy.js +387 -0
package/scripts/lib/safe-path-engine.js +705 -0
package/scripts/lib/safe-run-controller.js +887 -0
package/scripts/lib/score.js +262 -0
package/scripts/lib/seamless-enforcement.js +329 -0
package/scripts/lib/seamless-outcome.js +689 -0
package/scripts/lib/seamless-reality-gate.js +5043 -0
package/scripts/lib/security-risk-classifier.js +511 -0
package/scripts/lib/security-scan.js +384 -0
package/scripts/lib/session-context-optimizer.js +1211 -0
package/scripts/lib/session-timing.js +315 -0
package/scripts/lib/skill-hygiene.js +805 -0
package/scripts/lib/skill-packs.js +161 -0
package/scripts/lib/skills-operating-layer.js +580 -0
package/scripts/lib/smart-work-routing.js +768 -0
package/scripts/lib/source-catalog.js +700 -0
package/scripts/lib/status-value-summary.js +32 -0
package/scripts/lib/support-bundle.js +578 -0
package/scripts/lib/task-continuation.js +440 -0
package/scripts/lib/test-helpers.js +15 -0
package/scripts/lib/tier.js +38 -0
package/scripts/lib/token-context-quality-gate.js +370 -0
package/scripts/lib/token-cost-capture.js +187 -0
package/scripts/lib/token-cost-intelligence.js +358 -0
package/scripts/lib/token-efficiency-evidence.js +213 -0
package/scripts/lib/token-evidence.js +699 -0
package/scripts/lib/tokenish.js +17 -0
package/scripts/lib/tool-output-sandbox.js +304 -0
package/scripts/lib/trust-audit.js +136 -0
package/scripts/lib/unified-events.js +396 -0
package/scripts/lib/upgrade-interruption-recovery.js +407 -0
package/scripts/lib/usage-ledger.js +201 -0
package/scripts/lib/value-ledger.js +130 -0
package/scripts/lib/value-proof-calibration.js +531 -0
package/scripts/lib/visual-qa.js +231 -0
package/scripts/lib/voice-alpha.js +29 -0
package/scripts/lib/work-aware-orchestration.js +976 -0
package/scripts/lib/work-control-receipts.js +577 -0
package/scripts/lib/work-ledger.js +1123 -0
package/scripts/lib/work-panel-preview.js +352 -0
package/scripts/lib/workflow-discipline.js +280 -0
package/scripts/lib/workflow-signals.js +419 -0
package/scripts/lib/workspace-map.js +281 -0
package/scripts/lib/workspace-registry.js +1367 -0
package/scripts/lib/workspace-resolver.js +480 -0

package/scripts/lib/work-control-receipts.js ADDED Viewed

@@ -0,0 +1,577 @@
+"use strict";
+const crypto = require("crypto");
+const { ensureCcoDirs, nowIso, safeReadJson, safeWriteJson } = require("./fsx");
+const { appendProductLearningEvent } = require("./product-learning-events");
+const WORK_CONTROL_CONTRACT = "avorelo.workControlReceipt.v1";
+const WORK_CONTROL_SCHEMA_VERSION = 1;
+const LATEST_WC_RECEIPT_REL_PATH = ".claude/cco/orchestration/work-control/latest-receipt.json";
+const WC_HISTORY_DIR_REL_PATH = ".claude/cco/orchestration/work-control/history";
+const WC_EVENT_LOG_REL_PATH = ".claude/cco/events/work-control.jsonl";
+const SECRET_PATTERN = /(?:sk-[A-Za-z0-9_-]{16,}|ghp_[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16}|(?:api[_ -]?key|token|password|secret|authorization)\s*[:=]\s*\S+)/i;
+function unique(values) {
+  return [...new Set((values || []).filter(Boolean))];
+}
+function redactIfSecret(text) {
+  if (!text) return text;
+  const s = String(text);
+  return SECRET_PATTERN.test(s) ? "[REDACTED]" : s;
+}
+function createReceiptId() {
+  return `wc-${Date.now()}-${crypto.randomBytes(4).toString("hex")}`;
+}
+function readLatestWorkControlReceipt(cwd) {
+  return safeReadJson(cwd, LATEST_WC_RECEIPT_REL_PATH, null);
+}
+function computeFinalState(controls) {
+  const { guard, governance, safePath, installIntake } = controls;
+  const isBlocked =
+    guard?.decision === "block"
+    || governance?.decision === "block"
+    || safePath?.lastDecision === "block";
+  if (isBlocked) return "blocked";
+  const requiresApproval =
+    guard?.decision === "approval_required"
+    || governance?.decision === "approval_required"
+    || governance?.approvalBoundary === true
+    || safePath?.lastDecision === "approval_required"
+    || safePath?.approvalBoundary === true;
+  if (requiresApproval) return "approval_required";
+  const hasAttention =
+    (installIntake?.highRiskItems > 0)
+    || (installIntake?.unknownItems > 0)
+    || (governance?.subjectTrustStatus === "unknown")
+    || (guard?.riskLevel === "high" || guard?.riskLevel === "critical");
+  if (hasAttention) return "attention";
+  const hasEvidence =
+    guard?.evidencePath
+    || governance?.latestReceiptPath
+    || safePath?.latestReceiptPath
+    || installIntake?.latestReceiptPath;
+  return hasEvidence ? "ok" : "missing";
+}
+function computeNextSafestAction(controls, finalState) {
+  const { guard, governance, safePath, installIntake } = controls;
+  if (finalState === "blocked") {
+    return "Preserve the block — do not execute the destructive or blocked action.";
+  }
+  if (governance?.subjectTrustStatus === "unknown" || installIntake?.unknownItems > 0) {
+    return "Review unknown intake source or subject before proceeding.";
+  }
+  if (finalState === "approval_required") {
+    return safePath?.nextAction
+      || governance?.nextAction
+      || "Approve only the reduced scope before proceeding.";
+  }
+  if (finalState === "attention") {
+    return installIntake?.nextAction
+      || guard?.nextAction
+      || "Review high-risk intake items and confirm reduced scope.";
+  }
+  if (!guard?.evidencePath && !governance?.latestReceiptPath) {
+    return "Run `avorelo guard` on a risky action to generate the first control receipt.";
+  }
+  return "Continue with the smallest local scope. Re-run proof before next session.";
+}
+function buildDoNotRepeat(controls, proof) {
+  const items = [
+    "Do not rerun from scratch — use current proof/work-control receipt.",
+    "Do not trust unknown MCP server or package without running intake review first.",
+    "Do not paste huge status JSON into context — use `avorelo work-control --json` instead.",
+  ];
+  if (proof?.route?.selectedRoute?.includes("broad") || proof?.route?.safetyNotes?.some((n) => /broad/i.test(n))) {
+    items.push("Do not perform broad repo scan — route already recorded the relevant context.");
+  }
+  if (controls.installIntake?.unknownItems > 0) {
+    items.push("Do not execute tool or MCP call for unknown/unreviewed source.");
+  }
+  if (controls.safePath?.lastDecision === "recommend_reduced_scope") {
+    items.push("Do not use broad scope — safe path already recommended a reduced alternative.");
+  }
+  return unique(items);
+}
+function buildCarryForward(cwd, controls, proof, finalState, nextSafestAction) {
+  const items = {};
+  if (proof?.route?.selectedRoute) {
+    items.lastRoute = proof.route.selectedRoute;
+  }
+  if (proof?.task) {
+    items.lastTaskSummary = String(proof.task).slice(0, 200);
+  }
+  if (proof?.runId) {
+    items.lastRunId = proof.runId;
+  }
+  items.finalState = finalState;
+  items.nextSafestAction = nextSafestAction;
+  items.receiptPaths = [
+    controls.guard?.evidencePath ? `guard: ${controls.guard.evidencePath}` : null,
+    controls.governance?.latestReceiptPath ? `governance: ${controls.governance.latestReceiptPath}` : null,
+    controls.safePath?.latestReceiptPath ? `safe-path: ${controls.safePath.latestReceiptPath}` : null,
+    controls.installIntake?.latestReceiptPath ? `intake: ${controls.installIntake.latestReceiptPath}` : null,
+    controls.skills?.latestRouteReceiptPath ? `skills: ${controls.skills.latestRouteReceiptPath}` : null,
+  ].filter(Boolean);
+  const unchecked = [];
+  if (!controls.governance?.latestReceiptPath) unchecked.push("governance receipt missing");
+  if (!controls.safePath?.latestReceiptPath) unchecked.push("safe-path receipt missing");
+  if (!controls.skills?.latestRouteReceiptPath) unchecked.push("skills route receipt missing");
+  if (unchecked.length) items.uncheckedItems = unchecked;
+  items.restoreCommands = [
+    "node bin/avorelo work-control --json",
+    "node bin/avorelo proof",
+  ];
+  return items;
+}
+function buildWorkControlSummary(controls, finalState, nextSafestAction, doNotRepeat, carryForward) {
+  const { guard, governance, safePath, installIntake, skills } = controls;
+  const allowedCount = guard?.decision === "allow" ? 1 : 0;
+  const warnedCount = guard?.decision === "warn" ? 1 : 0;
+  const approvalRequiredCount = (guard?.decision === "approval_required" || finalState === "approval_required") ? 1 : 0;
+  const blockedCount = guard?.decision === "block" ? 1 : 0;
+  const reductionsRecommendedCount = safePath?.reductionsRecommended || 0;
+  const reviewedSourcesCount = skills?.reviewedSources || 0;
+  const unknownSourcesCount = skills?.deferredSources || 0;
+  const highRiskIntakeCount = installIntake?.highRiskItems || 0;
+  return {
+    allowedCount,
+    warnedCount,
+    approvalRequiredCount,
+    blockedCount,
+    reductionsRecommendedCount,
+    reviewedSourcesCount,
+    unknownSourcesCount,
+    highRiskIntakeCount,
+    finalState,
+    nextSafestAction,
+    doNotRepeat,
+    carryForward,
+  };
+}
+function buildWorkControlReceipt(cwd, options = {}) {
+  const { buildAgentAccessGovernanceSurface } = require("./agent-access-governance");
+  const { buildSafePathSurface } = require("./safe-path-engine");
+  const { buildInstallIntakeRiskSurface } = require("./install-intake-risk");
+  const { buildSkillsOperatingLayerSurface } = require("./skills-operating-layer");
+  let proof = null;
+  try {
+    const { readCurrentProof } = require("./orchestration");
+    proof = readCurrentProof(cwd);
+  } catch {}
+  const governanceSurface = buildAgentAccessGovernanceSurface(cwd);
+  const safePathSurface = buildSafePathSurface(cwd);
+  const intakeSurface = buildInstallIntakeRiskSurface(cwd);
+  const skillsSurface = buildSkillsOperatingLayerSurface(cwd);
+  const rawTask = (options.task || proof?.task || "");
+  const taskText = redactIfSecret(rawTask) || "";
+  const taskSection = {
+    text: taskText.slice(0, 400),
+    type: proof?.route?.task?.taskType || options.taskType || "unknown",
+    risk: proof?.route?.task?.risk || options.taskRisk || "unknown",
+    sensitivity: proof?.route?.task?.sensitivity || options.taskSensitivity || "unknown",
+    surface: proof?.surface || options.surface || "avorelo_cli",
+  };
+  const routeSection = proof?.route
+    ? {
+        selectedRoute: proof.route.selectedRoute || null,
+        chosenTool: proof.route.chosenTool || null,
+        selectedModel: proof.route.selectedModel || null,
+        chosenModelProfile: proof.route.chosenModelProfile || null,
+        fallbackTool: proof.route.fallbackTool || null,
+        safetyNotes: (proof.route.safetyNotes || []).slice(0, 5),
+        whyChosen: (proof.route.whyChosen || []).slice(0, 3),
+        whyNotChosen: (proof.route.whyNotChosen || []).slice(0, 3),
+      }
+    : {
+        selectedRoute: null,
+        chosenTool: null,
+        selectedModel: null,
+        chosenModelProfile: null,
+        fallbackTool: null,
+        safetyNotes: [],
+        whyChosen: [],
+        whyNotChosen: [],
+      };
+  const latestGovernanceReceipt = governanceSurface.latestReceipt;
+  const latestSafePathReceipt = safePathSurface.latestReceipt;
+  const guardSection = latestGovernanceReceipt
+    ? {
+        decision: latestGovernanceReceipt.decision || "unknown",
+        riskLevel: latestGovernanceReceipt.severity || "unknown",
+        reasonCodes: (latestGovernanceReceipt.reasonCodes || []).slice(0, 5),
+        matchedRules: [],
+        evidencePath: governanceSurface.latestReceiptPath || null,
+        nextAction: null,
+      }
+    : {
+        decision: "missing",
+        riskLevel: "unknown",
+        reasonCodes: [],
+        matchedRules: [],
+        evidencePath: null,
+        nextAction: "Run `avorelo guard` to generate the first governance receipt.",
+      };
+  const governanceSection = {
+    status: governanceSurface.status,
+    latestReceiptPath: governanceSurface.latestReceiptPath,
+    decision: latestGovernanceReceipt?.decision || "missing",
+    subjectType: latestGovernanceReceipt?.subjectSummary?.type || null,
+    subjectTrustStatus: latestGovernanceReceipt?.subjectSummary?.trustStatus || null,
+    requestedActionType: latestGovernanceReceipt?.requestedActionSummary?.type || null,
+    scopeSummary: latestGovernanceReceipt?.scopeSummary || null,
+    approvalBoundary: latestGovernanceReceipt?.approvalBoundary?.required === true,
+    nextAction: governanceSurface.nextAction,
+  };
+  const safePathSection = {
+    status: safePathSurface.status,
+    latestReceiptPath: safePathSurface.latestReceiptPath,
+    lastDecision: safePathSurface.lastDecision,
+    recommendedBoundary: latestSafePathReceipt?.recommendedBoundary || null,
+    reductionSummary: latestSafePathReceipt?.reductionSummary || null,
+    approvalBoundary: latestSafePathReceipt?.approvalBoundary?.required === true,
+    nextAction: safePathSurface.nextAction,
+    reductionsRecommended: safePathSurface.reductionsRecommended,
+  };
+  const intakeSection = {
+    status: intakeSurface.status,
+    latestReceiptPath: intakeSurface.latestReceiptPath,
+    totalItems: intakeSurface.totalItems,
+    unknownItems: intakeSurface.unknownItems,
+    highRiskItems: intakeSurface.highRiskItems,
+    topReasonCodes: (intakeSurface.topReasonCodes || []).slice(0, 5),
+    nextAction: intakeSurface.nextAction,
+  };
+  const skillsSection = {
+    status: skillsSurface.status,
+    primarySkill: null,
+    reviewedSources: skillsSurface.reviewedSources,
+    deferredSources: skillsSurface.deferredSources,
+    latestRouteReceiptPath: skillsSurface.latestSkillRouteReceiptPath || null,
+    evidenceRequirements: [],
+  };
+  const controls = {
+    guard: guardSection,
+    governance: governanceSection,
+    safePath: safePathSection,
+    installIntake: intakeSection,
+    skills: skillsSection,
+  };
+  const verification = {
+    status: proof?.verification?.status || "missing",
+    commandsRun: [],
+    passed: [],
+    failed: [],
+    notChecked: [
+      !governanceSurface.latestReceiptPath && "governance receipt",
+      !safePathSurface.latestReceiptPath && "safe-path receipt",
+      !skillsSurface.latestSkillRouteReceiptPath && "skills route receipt",
+    ].filter(Boolean),
+    proofPath: proof ? ".claude/cco/orchestration/current-proof.json" : null,
+  };
+  const finalState = computeFinalState(controls);
+  const nextSafestAction = computeNextSafestAction(controls, finalState);
+  const doNotRepeat = buildDoNotRepeat(controls, proof);
+  const carryForward = buildCarryForward(cwd, controls, proof, finalState, nextSafestAction);
+  const workControl = buildWorkControlSummary(controls, finalState, nextSafestAction, doNotRepeat, carryForward);
+  const allReceiptPaths = [
+    governanceSurface.latestReceiptPath,
+    safePathSurface.latestReceiptPath,
+    intakeSurface.latestReceiptPath,
+    skillsSurface.latestSkillRouteReceiptPath,
+  ].filter(Boolean);
+  const receipt = {
+    schemaVersion: WORK_CONTROL_SCHEMA_VERSION,
+    contract: WORK_CONTROL_CONTRACT,
+    receiptType: "work_control",
+    receiptId: createReceiptId(),
+    createdAt: nowIso(),
+    cwd,
+    task: taskSection,
+    route: routeSection,
+    controls,
+    verification,
+    workControl,
+    evidencePaths: allReceiptPaths,
+    productLearning: {
+      eventsWritten: 0,
+      suggestedEvents: ["work_control_receipt_written"],
+    },
+    redacted: true,
+  };
+  return receipt;
+}
+function writeWorkControlReceipt(cwd, receipt, options = {}) {
+  ensureCcoDirs(cwd);
+  const relPath = LATEST_WC_RECEIPT_REL_PATH;
+  safeWriteJson(cwd, relPath, receipt);
+  const fs = require("fs");
+  const path = require("path");
+  const historyDir = path.join(cwd, WC_HISTORY_DIR_REL_PATH);
+  fs.mkdirSync(historyDir, { recursive: true });
+  const canExport = options.plan && options.plan !== "free";
+  if (canExport) {
+    safeWriteJson(cwd, `${WC_HISTORY_DIR_REL_PATH}/${receipt.receiptId}.json`, receipt);
+  }
+  const eventLine = {
+    receiptId: receipt.receiptId,
+    finalState: receipt.workControl.finalState,
+    blockedCount: receipt.workControl.blockedCount,
+    approvalRequiredCount: receipt.workControl.approvalRequiredCount,
+    highRiskIntakeCount: receipt.workControl.highRiskIntakeCount,
+    receiptPath: relPath,
+    createdAt: receipt.createdAt,
+  };
+  try {
+    const abs = require("path").join(cwd, WC_EVENT_LOG_REL_PATH);
+    fs.mkdirSync(require("path").dirname(abs), { recursive: true });
+    fs.appendFileSync(abs, `${JSON.stringify(eventLine)}\n`, "utf8");
+  } catch {}
+  let eventsWritten = 0;
+  const productEvents = [];
+  productEvents.push({
+    eventName: "work_control_receipt_written",
+    category: "work_control",
+    status: "completed",
+    payload: {
+      finalState: receipt.workControl.finalState,
+      blockedCount: receipt.workControl.blockedCount,
+      approvalRequiredCount: receipt.workControl.approvalRequiredCount,
+      highRiskIntakeCount: receipt.workControl.highRiskIntakeCount,
+      evidencePathsCount: receipt.evidencePaths.length,
+    },
+  });
+  if (receipt.workControl.finalState === "blocked") {
+    productEvents.push({
+      eventName: "work_control_block_preserved",
+      category: "work_control",
+      status: "completed",
+      payload: {
+        receiptId: receipt.receiptId,
+        blockedCount: receipt.workControl.blockedCount,
+      },
+    });
+  }
+  if (receipt.workControl.finalState === "approval_required") {
+    productEvents.push({
+      eventName: "work_control_approval_required",
+      category: "work_control",
+      status: "recommended",
+      payload: {
+        approvalRequiredCount: receipt.workControl.approvalRequiredCount,
+      },
+    });
+  }
+  if (receipt.workControl.nextSafestAction) {
+    productEvents.push({
+      eventName: "work_control_next_action_recommended",
+      category: "work_control",
+      status: "recommended",
+      payload: {
+        finalState: receipt.workControl.finalState,
+      },
+    });
+  }
+  if (receipt.workControl.doNotRepeat?.length) {
+    productEvents.push({
+      eventName: "work_control_do_not_repeat_generated",
+      category: "work_control",
+      status: "completed",
+      payload: {
+        count: receipt.workControl.doNotRepeat.length,
+      },
+    });
+  }
+  productEvents.forEach((event) => {
+    try {
+      appendProductLearningEvent(cwd, event);
+      eventsWritten += 1;
+    } catch {}
+  });
+  receipt.productLearning.eventsWritten = eventsWritten;
+  return relPath;
+}
+function buildWorkControlSurface(cwd) {
+  const latestReceipt = readLatestWorkControlReceipt(cwd);
+  if (!latestReceipt) {
+    return {
+      status: "missing",
+      latestReceiptPath: null,
+      finalState: "missing",
+      nextSafestAction: "Run `avorelo work-control` to generate the first receipt.",
+      blockedCount: 0,
+      approvalRequiredCount: 0,
+      highRiskIntakeCount: 0,
+      unknownSourcesCount: 0,
+      proofAvailable: false,
+      carryForwardAvailable: false,
+      showInStatus: true,
+      showInDashboard: true,
+      statusLine: "Work Control: MISSING · no receipt yet",
+    };
+  }
+  const wc = latestReceipt.workControl || {};
+  const finalState = wc.finalState || "missing";
+  const stateLabel = finalState.toUpperCase().replace(/_/g, " ");
+  return {
+    status: "foundation",
+    latestReceiptPath: LATEST_WC_RECEIPT_REL_PATH,
+    finalState,
+    nextSafestAction: wc.nextSafestAction || null,
+    blockedCount: wc.blockedCount || 0,
+    approvalRequiredCount: wc.approvalRequiredCount || 0,
+    highRiskIntakeCount: wc.highRiskIntakeCount || 0,
+    unknownSourcesCount: wc.unknownSourcesCount || 0,
+    proofAvailable: Boolean(latestReceipt.verification?.proofPath),
+    carryForwardAvailable: Boolean(wc.carryForward?.receiptPaths?.length),
+    showInStatus: true,
+    showInDashboard: true,
+    statusLine: `Work Control: ${stateLabel} · blocked=${wc.blockedCount || 0} · approval=${wc.approvalRequiredCount || 0} · high-risk-intake=${wc.highRiskIntakeCount || 0} · latest receipt ${LATEST_WC_RECEIPT_REL_PATH}`,
+  };
+}
+function formatWorkControlText(surfaceOrReceipt, options = {}) {
+  const isHandoff = options.handoff === true;
+  if (!surfaceOrReceipt) {
+    return "Work Control: MISSING · no receipt yet\nNext: Run `avorelo work-control` to generate the first receipt.\n";
+  }
+  if (surfaceOrReceipt.contract === WORK_CONTROL_CONTRACT) {
+    const receipt = surfaceOrReceipt;
+    const wc = receipt.workControl || {};
+    const stateLabel = (wc.finalState || "missing").toUpperCase().replace(/_/g, " ");
+    const taskText = receipt.task?.text ? String(receipt.task.text).slice(0, 120) : "unknown";
+    const lines = [
+      `Work Control: ${stateLabel}`,
+      `Task: ${taskText}`,
+      `State: ${wc.finalState || "missing"}`,
+    ];
+    if (receipt.controls?.guard?.decision && receipt.controls.guard.decision !== "missing") {
+      lines.push(`Guard: ${receipt.controls.guard.decision} · ${(receipt.controls.guard.reasonCodes || []).join(", ") || "no codes"}`);
+    }
+    if (receipt.controls?.installIntake?.totalItems) {
+      lines.push(`Install Intake: ${receipt.controls.installIntake.totalItems} items · ${receipt.controls.installIntake.unknownItems} unknown · ${receipt.controls.installIntake.highRiskItems} high`);
+    }
+    if (receipt.controls?.safePath?.lastDecision) {
+      lines.push(`Safe Path: ${receipt.controls.safePath.lastDecision}`);
+    }
+    if (wc.nextSafestAction) {
+      lines.push(`Next: ${wc.nextSafestAction}`);
+    }
+    if (receipt.evidencePaths?.length) {
+      lines.push(`Evidence paths: ${receipt.evidencePaths.join(", ")}`);
+    }
+    lines.push(`Receipt: ${LATEST_WC_RECEIPT_REL_PATH}`);
+    if (isHandoff) {
+      lines.push("");
+      lines.push("## Handoff");
+      lines.push(`State: ${wc.finalState || "missing"}`);
+      lines.push("");
+      lines.push("### What was checked");
+      (receipt.evidencePaths || []).forEach((p) => lines.push(`- ${p}`));
+      if (!receipt.evidencePaths?.length) lines.push("- No evidence paths recorded");
+      lines.push("");
+      lines.push("### What was not checked");
+      (receipt.verification?.notChecked || []).forEach((item) => lines.push(`- ${item}`));
+      if (!receipt.verification?.notChecked?.length) lines.push("- Nothing explicitly unchecked");
+      lines.push("");
+      lines.push("### What to do next");
+      lines.push(wc.nextSafestAction || "Continue with smallest local scope.");
+      lines.push("");
+      lines.push("### Do not repeat");
+      (wc.doNotRepeat || []).forEach((item) => lines.push(`- ${item}`));
+      lines.push("");
+      lines.push("### Receipt paths");
+      (wc.carryForward?.receiptPaths || []).forEach((p) => lines.push(`- ${p}`));
+      lines.push(`- work-control: ${LATEST_WC_RECEIPT_REL_PATH}`);
+    }
+    return lines.join("\n") + "\n";
+  }
+  const surface = surfaceOrReceipt;
+  const stateLabel = (surface.finalState || "missing").toUpperCase().replace(/_/g, " ");
+  const lines = [
+    `Work Control: ${stateLabel}`,
+    `Final state: ${surface.finalState || "missing"}`,
+  ];
+  if (surface.nextSafestAction) lines.push(`Next: ${surface.nextSafestAction}`);
+  if (surface.latestReceiptPath) lines.push(`Receipt: ${surface.latestReceiptPath}`);
+  return lines.join("\n") + "\n";
+}
+module.exports = {
+  WORK_CONTROL_CONTRACT,
+  WORK_CONTROL_SCHEMA_VERSION,
+  LATEST_WC_RECEIPT_REL_PATH,
+  WC_EVENT_LOG_REL_PATH,
+  readLatestWorkControlReceipt,
+  buildWorkControlReceipt,
+  writeWorkControlReceipt,
+  buildWorkControlSurface,
+  formatWorkControlText,
+};