avorelo 0.1.0

package/scripts/lib/workspace-registry.js

@@ -0,0 +1,1367 @@
+"use strict";
+
+/**
+ * Avorelo Workspace Registry — Asset Inventory Foundation v1
+ *
+ * Contract: avorelo.workspaceRegistry.v1
+ *
+ * Responsibilities:
+ * - Build a normalized local asset index (what exists, type, trust, risk, relationships)
+ * - Feed Session Context, Brain Pack, Capability Recommender, Install Intake, Safe Path
+ * - Detect drift between snapshots
+ * - Write compact product-learning events
+ *
+ * Rules:
+ * - Deterministic, local-first, no network, no LLM, no package-registry lookups
+ * - No full filesystem scan outside repo
+ * - No secret reading, no raw receipts, no raw code/skill bodies
+ * - Fail open with unknown/deferred instead of false trust
+ */
+
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+const { ensureCcoDirs, nowIso, safeReadJson, safeWriteJson, safeWriteText } = require("./fsx");
+const { appendProductLearningEvent } = require("./product-learning-events");
+
+// ── Constants ──────────────────────────────────────────────────────────────────
+
+const REGISTRY_CONTRACT = "avorelo.workspaceRegistry.v1";
+const REGISTRY_SCHEMA_VERSION = 1;
+const LATEST_REGISTRY_REL_PATH = ".claude/cco/orchestration/workspace-registry/latest-registry.json";
+const LATEST_SUMMARY_MD_REL_PATH = ".claude/cco/orchestration/workspace-registry/latest-summary.md";
+const REGISTRY_HISTORY_DIR_REL_PATH = ".claude/cco/orchestration/workspace-registry/history";
+const REGISTRY_EVENT_LOG_REL_PATH = ".claude/cco/events/workspace-registry.jsonl";
+
+const ALLOWED_ASSET_TYPES = new Set([
+  "source_file",
+  "test_file",
+  "doc_file",
+  "config_file",
+  "package_manifest",
+  "lockfile",
+  "npm_script",
+  "mcp_server_config",
+  "mcp_tool_config",
+  "vscode_extension_recommendation",
+  "cursor_rule",
+  "claude_guidance",
+  "agents_guidance",
+  "gemini_guidance",
+  "copilot_guidance",
+  "skill",
+  "skill_pack",
+  "adapter",
+  "generated_guidance",
+  "model_provider",
+  "local_model",
+  "orchestration_worker",
+  "browser_integration",
+  "proof_artifact",
+  "receipt",
+  "unknown",
+]);
+
+const RISK_ORDER = Object.freeze({ low: 1, medium: 2, high: 3, critical: 4 });
+
+const SECRET_PATTERN = /(?:sk-[A-Za-z0-9_-]{16,}|ghp_[A-Za-z0-9]{20,}|AKIA[0-9A-Z]{16}|(?:api[_ -]?key|token|password|secret|authorization)\s*[:=]\s*\S+)/i;
+
+const IGNORED_DIRS = new Set([
+  ".git", "node_modules", "dist", "build", "coverage",
+  ".next", ".turbo", ".cache", ".wasp",
+]);
+
+// ── Utilities ──────────────────────────────────────────────────────────────────
+
+function sha256short(value) {
+  return crypto.createHash("sha256").update(String(value || "")).digest("hex").slice(0, 12);
+}
+
+function assetId(type, name) {
+  return `reg-${type.slice(0, 8)}-${sha256short(`${type}:${name}`)}`;
+}
+
+function normalizeRelPath(value) {
+  return String(value || "").replace(/\\/g, "/").trim();
+}
+
+function maxRisk(a, b) {
+  return (RISK_ORDER[a] || 0) >= (RISK_ORDER[b] || 0) ? a : b;
+}
+
+function redactIfSecret(text) {
+  if (!text) return text;
+  const s = String(text);
+  return SECRET_PATTERN.test(s) ? "[REDACTED]" : s;
+}
+
+function safeExists(absPath) {
+  try { return fs.existsSync(absPath); } catch { return false; }
+}
+
+function safeReadText(absPath) {
+  try { return fs.readFileSync(absPath, "utf8"); } catch { return null; }
+}
+
+function safeListDir(absPath) {
+  try { return fs.readdirSync(absPath, { withFileTypes: true }); } catch { return []; }
+}
+
+function createRegistryId() {
+  return `wreg-${Date.now()}-${crypto.randomBytes(4).toString("hex")}`;
+}
+
+// ── Asset builders ─────────────────────────────────────────────────────────────
+
+function makeAsset(fields) {
+  const type = ALLOWED_ASSET_TYPES.has(fields.type) ? fields.type : "unknown";
+  return Object.freeze({
+    assetId: fields.assetId || assetId(type, fields.name || fields.path || ""),
+    type,
+    name: String(fields.name || ""),
+    path: normalizeRelPath(fields.path || ""),
+    source: fields.source || "local",
+    detectedFrom: fields.detectedFrom || "workspace-registry",
+    ownerOrPublisher: fields.ownerOrPublisher || null,
+    version: fields.version || null,
+    languageOrRuntime: fields.languageOrRuntime || null,
+    reviewStatus: fields.reviewStatus || "unknown",
+    trustLevel: fields.trustLevel || "unknown",
+    riskLevel: fields.riskLevel || "low",
+    capabilities: fields.capabilities || [],
+    capabilityRelevance: fields.capabilityRelevance || [],
+    relationships: fields.relationships || [],
+    reasonCodes: fields.reasonCodes || [],
+    safeNextAction: fields.safeNextAction || null,
+    feedsSessionContext: fields.feedsSessionContext ?? false,
+    feedsBrainPack: fields.feedsBrainPack ?? false,
+    feedsCapabilityRecommender: fields.feedsCapabilityRecommender ?? false,
+    feedsInstallIntake: fields.feedsInstallIntake ?? false,
+    feedsSafePath: fields.feedsSafePath ?? false,
+    feedsWorkControl: fields.feedsWorkControl ?? false,
+    metadata: fields.metadata || {},
+    redacted: true,
+  });
+}
+
+// ── Package manifest detection ─────────────────────────────────────────────────
+
+function detectPackageManifest(cwd) {
+  const assets = [];
+  const pkgPath = path.join(cwd, "package.json");
+  if (!safeExists(pkgPath)) return assets;
+
+  let pkg = {};
+  try { pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8")); } catch { return assets; }
+
+  const pkgAsset = makeAsset({
+    type: "package_manifest",
+    name: "package.json",
+    path: "package.json",
+    source: "local",
+    detectedFrom: "package.json",
+    version: pkg.version || null,
+    languageOrRuntime: "node",
+    reviewStatus: "known",
+    trustLevel: "high",
+    riskLevel: "low",
+    feedsSessionContext: true,
+    feedsBrainPack: true,
+    feedsCapabilityRecommender: true,
+    feedsInstallIntake: true,
+    metadata: {
+      name: pkg.name || null,
+      scriptCount: Object.keys(pkg.scripts || {}).length,
+      depCount: Object.keys(pkg.dependencies || {}).length,
+      devDepCount: Object.keys(pkg.devDependencies || {}).length,
+    },
+  });
+  assets.push(pkgAsset);
+
+  // npm scripts
+  for (const [scriptName, scriptCmd] of Object.entries(pkg.scripts || {})) {
+    const isHighRisk = /deploy|publish|release|push|prod/i.test(scriptName);
+    const isMediumRisk = /build|bundle|compile/i.test(scriptName);
+    const riskLevel = isHighRisk ? "high" : isMediumRisk ? "medium" : "low";
+    const reasonCodes = [];
+    if (isHighRisk) reasonCodes.push("DEPLOY_SCRIPT_PRESENT");
+
+    assets.push(makeAsset({
+      type: "npm_script",
+      name: scriptName,
+      path: "package.json#scripts",
+      source: "local",
+      detectedFrom: "package.json",
+      languageOrRuntime: "node",
+      reviewStatus: isHighRisk ? "known" : "known",
+      trustLevel: "high",
+      riskLevel,
+      reasonCodes,
+      safeNextAction: isHighRisk
+        ? "Review the script before executing. Prefer dry-run or test-only mode first."
+        : null,
+      feedsInstallIntake: true,
+      feedsSafePath: isHighRisk,
+      relationships: [{ rel: "defined_by", target: "package.json" }],
+      metadata: { command: redactIfSecret(String(scriptCmd || "").slice(0, 120)) },
+    }));
+  }
+
+  // lockfile
+  for (const lockfile of ["package-lock.json", "pnpm-lock.yaml", "yarn.lock"]) {
+    if (safeExists(path.join(cwd, lockfile))) {
+      assets.push(makeAsset({
+        type: "lockfile",
+        name: lockfile,
+        path: lockfile,
+        source: "local",
+        detectedFrom: "filesystem",
+        reviewStatus: "known",
+        trustLevel: "high",
+        riskLevel: "low",
+        feedsBrainPack: true,
+        feedsInstallIntake: true,
+        relationships: [{ rel: "locks", target: "package.json" }],
+      }));
+      break;
+    }
+  }
+
+  return assets;
+}
+
+// ── Guidance file detection ────────────────────────────────────────────────────
+
+const GUIDANCE_CANDIDATES = [
+  { rel: "AGENTS.md", type: "agents_guidance", name: "AGENTS.md", surface: "agents" },
+  { rel: "CLAUDE.md", type: "claude_guidance", name: "CLAUDE.md", surface: "claude" },
+  { rel: "GEMINI.md", type: "gemini_guidance", name: "GEMINI.md", surface: "gemini" },
+  { rel: ".github/copilot-instructions.md", type: "copilot_guidance", name: "copilot-instructions.md", surface: "copilot" },
+  { rel: ".cursor/rules", type: "cursor_rule", name: ".cursor/rules", surface: "cursor" },
+];
+
+function detectGuidanceFiles(cwd) {
+  const assets = [];
+  for (const candidate of GUIDANCE_CANDIDATES) {
+    const absPath = path.join(cwd, candidate.rel);
+    if (!safeExists(absPath)) continue;
+    assets.push(makeAsset({
+      type: candidate.type,
+      name: candidate.name,
+      path: normalizeRelPath(candidate.rel),
+      source: "local",
+      detectedFrom: "filesystem",
+      reviewStatus: "known",
+      trustLevel: "high",
+      riskLevel: "low",
+      feedsSessionContext: true,
+      feedsBrainPack: true,
+      relationships: [{ rel: "guides", target: candidate.surface }],
+      metadata: { surface: candidate.surface },
+    }));
+  }
+
+  // GitHub instructions dir
+  const ghInstructionsDir = path.join(cwd, ".github", "instructions");
+  if (safeExists(ghInstructionsDir)) {
+    for (const entry of safeListDir(ghInstructionsDir)) {
+      if (!entry.isFile() || !entry.name.endsWith(".instructions.md")) continue;
+      const rel = `.github/instructions/${entry.name}`;
+      assets.push(makeAsset({
+        type: "copilot_guidance",
+        name: entry.name,
+        path: normalizeRelPath(rel),
+        source: "local",
+        detectedFrom: "filesystem",
+        reviewStatus: "known",
+        trustLevel: "high",
+        riskLevel: "low",
+        feedsSessionContext: true,
+        feedsBrainPack: true,
+        relationships: [{ rel: "guides", target: "copilot" }],
+        metadata: { surface: "copilot" },
+      }));
+    }
+  }
+
+  return assets;
+}
+
+// ── VSCode extensions detection ────────────────────────────────────────────────
+
+function detectVscodeExtensions(cwd) {
+  const assets = [];
+  const extPath = path.join(cwd, ".vscode", "extensions.json");
+  if (!safeExists(extPath)) return assets;
+  let ext = {};
+  try { ext = JSON.parse(fs.readFileSync(extPath, "utf8")); } catch { return assets; }
+  const recommendations = ext.recommendations || [];
+  if (!recommendations.length) return assets;
+  assets.push(makeAsset({
+    type: "vscode_extension_recommendation",
+    name: ".vscode/extensions.json",
+    path: ".vscode/extensions.json",
+    source: "local",
+    detectedFrom: "filesystem",
+    reviewStatus: "known",
+    trustLevel: "medium",
+    riskLevel: "low",
+    feedsBrainPack: true,
+    feedsInstallIntake: true,
+    metadata: { count: recommendations.length, names: recommendations.slice(0, 10) },
+  }));
+  return assets;
+}
+
+// ── Skills and skill packs detection ──────────────────────────────────────────
+
+function detectSkillAssets(cwd) {
+  const assets = [];
+
+  // Canonical avorelo skills dir
+  const aSkillsDir = path.join(cwd, "skills", "avorelo");
+  if (safeExists(aSkillsDir)) {
+    const skillFiles = safeListDir(aSkillsDir).filter((e) => e.isFile() && e.name.endsWith(".md"));
+    for (const skillFile of skillFiles) {
+      assets.push(makeAsset({
+        type: "skill",
+        name: skillFile.name,
+        path: normalizeRelPath(`skills/avorelo/${skillFile.name}`),
+        source: "local",
+        detectedFrom: "filesystem",
+        reviewStatus: "known",
+        trustLevel: "high",
+        riskLevel: "low",
+        feedsSessionContext: true,
+        feedsCapabilityRecommender: true,
+        relationships: [{ rel: "contained_by", target: "skills/avorelo" }],
+      }));
+    }
+  }
+
+  // Vendor skill packs
+  const vendorDir = path.join(cwd, "vendor", "skillpacks");
+  if (safeExists(vendorDir)) {
+    for (const entry of safeListDir(vendorDir)) {
+      if (!entry.isDirectory()) continue;
+      const packPath = `vendor/skillpacks/${entry.name}`;
+      const packAsset = makeAsset({
+        type: "skill_pack",
+        name: entry.name,
+        path: normalizeRelPath(packPath),
+        source: "vendor",
+        detectedFrom: "filesystem",
+        reviewStatus: "known",
+        trustLevel: "medium",
+        riskLevel: "low",
+        feedsSessionContext: true,
+        feedsCapabilityRecommender: true,
+        relationships: [],
+      });
+      assets.push(packAsset);
+
+      // Skills inside pack
+      const packSkillDir = path.join(vendorDir, entry.name);
+      for (const skillEntry of safeListDir(packSkillDir)) {
+        if (!skillEntry.isFile() || !skillEntry.name.endsWith(".md")) continue;
+        assets.push(makeAsset({
+          type: "skill",
+          name: skillEntry.name,
+          path: normalizeRelPath(`${packPath}/${skillEntry.name}`),
+          source: "vendor",
+          detectedFrom: "filesystem",
+          reviewStatus: "known",
+          trustLevel: "medium",
+          riskLevel: "low",
+          feedsSessionContext: true,
+          feedsCapabilityRecommender: true,
+          relationships: [{ rel: "contained_by", target: packPath }],
+        }));
+      }
+    }
+  }
+
+  return assets;
+}
+
+// ── Source / test / doc / config file detection ────────────────────────────────
+
+function walkDir(cwd, relDir, matcher, limit = 60) {
+  const results = [];
+  const startAbs = path.join(cwd, relDir);
+  if (!safeExists(startAbs)) return results;
+
+  function walk(currentAbs, currentRel) {
+    if (results.length >= limit) return;
+    for (const entry of safeListDir(currentAbs)) {
+      if (results.length >= limit) break;
+      const entryRel = currentRel ? `${currentRel}/${entry.name}` : entry.name;
+      if (entry.isDirectory()) {
+        if (IGNORED_DIRS.has(entry.name)) continue;
+        walk(path.join(currentAbs, entry.name), entryRel);
+        continue;
+      }
+      if (matcher(normalizeRelPath(entryRel))) {
+        results.push(normalizeRelPath(entryRel));
+      }
+    }
+  }
+  walk(startAbs, normalizeRelPath(relDir));
+  return results;
+}
+
+function detectSourceFiles(cwd) {
+  const assets = [];
+
+  // Core source files — scripts/lib only, by path metadata (not content scan)
+  const sourceFiles = walkDir(cwd, "scripts/lib", (p) => p.endsWith(".js"), 50);
+  for (const relPath of sourceFiles) {
+    assets.push(makeAsset({
+      type: "source_file",
+      name: path.basename(relPath),
+      path: relPath,
+      source: "local",
+      detectedFrom: "filesystem",
+      languageOrRuntime: "node",
+      reviewStatus: "known",
+      trustLevel: "high",
+      riskLevel: "low",
+      feedsSessionContext: true,
+      feedsBrainPack: true,
+    }));
+  }
+
+  return assets;
+}
+
+function detectTestFiles(cwd) {
+  const assets = [];
+  const testFiles = walkDir(cwd, "tests", (p) => p.endsWith(".test.js") || p.endsWith(".spec.js"), 50);
+  for (const relPath of testFiles) {
+    assets.push(makeAsset({
+      type: "test_file",
+      name: path.basename(relPath),
+      path: relPath,
+      source: "local",
+      detectedFrom: "filesystem",
+      languageOrRuntime: "node",
+      reviewStatus: "known",
+      trustLevel: "high",
+      riskLevel: "low",
+      feedsSessionContext: true,
+      feedsBrainPack: true,
+      relationships: inferTestRelationship(relPath),
+    }));
+  }
+  return assets;
+}
+
+function inferTestRelationship(testRelPath) {
+  const base = path.basename(testRelPath).replace(/\.test\.js$|\.spec\.js$/, "");
+  const srcFile = `scripts/lib/${base}.js`;
+  return [{ rel: "validates", target: srcFile }];
+}
+
+function detectDocFiles(cwd) {
+  const assets = [];
+  const docFiles = walkDir(cwd, "docs", (p) => p.endsWith(".md"), 40);
+  for (const relPath of docFiles) {
+    assets.push(makeAsset({
+      type: "doc_file",
+      name: path.basename(relPath),
+      path: relPath,
+      source: "local",
+      detectedFrom: "filesystem",
+      reviewStatus: "known",
+      trustLevel: "high",
+      riskLevel: "low",
+      feedsSessionContext: relPath.includes("dogfood") || relPath.includes("Avorelo"),
+      feedsBrainPack: true,
+    }));
+  }
+  return assets;
+}
+
+function detectConfigFiles(cwd) {
+  const assets = [];
+  const CONFIG_CANDIDATES = [
+    "jest.config.js", "jest.config.ts", "vitest.config.js", "vitest.config.ts",
+    "tsconfig.json", ".eslintrc.js", ".eslintrc.json", ".eslintrc.cjs",
+    "playwright.config.ts", "playwright.config.js",
+    ".gitignore", ".npmignore",
+    "Dockerfile", "docker-compose.yml", "docker-compose.yaml",
+    "railway.json", "railway.toml",
+  ];
+  for (const candidate of CONFIG_CANDIDATES) {
+    if (safeExists(path.join(cwd, candidate))) {
+      const isDeployConfig = /railway|docker|Dockerfile/i.test(candidate);
+      assets.push(makeAsset({
+        type: "config_file",
+        name: candidate,
+        path: candidate,
+        source: "local",
+        detectedFrom: "filesystem",
+        reviewStatus: "known",
+        trustLevel: "high",
+        riskLevel: isDeployConfig ? "medium" : "low",
+        reasonCodes: isDeployConfig ? ["DEPLOY_CONFIG_PRESENT"] : [],
+        feedsBrainPack: true,
+        feedsInstallIntake: isDeployConfig,
+        feedsSafePath: isDeployConfig,
+      }));
+    }
+  }
+  return assets;
+}
+
+// ── MCP / tool config detection ───────────────────────────────────────────────
+
+function detectMcpConfigs(cwd) {
+  const assets = [];
+  const MCP_CONFIG_CANDIDATES = [
+    ".mcp.json",
+    "mcp.json",
+    ".claude/mcp-config.json",
+    ".cursor/mcp.json",
+  ];
+  for (const candidate of MCP_CONFIG_CANDIDATES) {
+    const absPath = path.join(cwd, candidate);
+    if (!safeExists(absPath)) continue;
+
+    let mcpData = {};
+    try { mcpData = JSON.parse(fs.readFileSync(absPath, "utf8")); } catch { mcpData = {}; }
+
+    const serverNames = Object.keys(mcpData.mcpServers || mcpData.servers || {});
+    const hasUnknownServers = serverNames.length > 0;
+
+    assets.push(makeAsset({
+      type: "mcp_server_config",
+      name: candidate,
+      path: normalizeRelPath(candidate),
+      source: "local",
+      detectedFrom: "filesystem",
+      reviewStatus: hasUnknownServers ? "unknown" : "known",
+      trustLevel: hasUnknownServers ? "unknown" : "medium",
+      riskLevel: hasUnknownServers ? "high" : "medium",
+      reasonCodes: hasUnknownServers ? ["UNKNOWN_MCP_SERVER_PRESENT"] : [],
+      safeNextAction: hasUnknownServers
+        ? "Run `avorelo intake` to review unknown MCP server entries before use."
+        : "Review MCP config before use.",
+      feedsInstallIntake: true,
+      feedsSafePath: true,
+      feedsCapabilityRecommender: true,
+      relationships: serverNames.map((n) => ({ rel: "exposes", target: n })),
+      metadata: { serverCount: serverNames.length, serverNames: serverNames.slice(0, 8) },
+    }));
+  }
+  return assets;
+}
+
+// ── Model / worker / orchestration worker detection ───────────────────────────
+
+function detectModelProviderAssets(cwd) {
+  const assets = [];
+
+  // Read from existing inventory if available
+  let modelInventory = null;
+  try {
+    const { loadInventory } = require("./orchestration/inventory");
+    modelInventory = loadInventory(cwd);
+  } catch { /* not available */ }
+
+  if (modelInventory && Array.isArray(modelInventory.tools)) {
+    for (const tool of modelInventory.tools) {
+      const isAvailable = tool.availability === "available";
+      assets.push(makeAsset({
+        type: tool.toolId === "lm_studio" ? "local_model" : "model_provider",
+        name: tool.label || tool.toolId,
+        path: "",
+        source: "local",
+        detectedFrom: "model-inventory",
+        version: tool.activeModel || null,
+        reviewStatus: "known",
+        trustLevel: isAvailable ? "high" : "medium",
+        riskLevel: "low",
+        feedsCapabilityRecommender: true,
+        feedsBrainPack: true,
+        metadata: {
+          toolId: tool.toolId,
+          availability: tool.availability,
+          costTier: tool.costTier,
+          workerState: tool.workerState,
+          supportedRoles: tool.supportedRoles || [],
+        },
+      }));
+    }
+  }
+
+  return assets;
+}
+
+// ── Generated guidance / adapter detection ────────────────────────────────────
+
+function detectGeneratedGuidance(cwd) {
+  const assets = [];
+
+  // .avorelo/generated
+  const genDir = path.join(cwd, ".avorelo", "generated");
+  if (safeExists(genDir)) {
+    for (const entry of safeListDir(genDir)) {
+      if (!entry.isFile()) continue;
+      assets.push(makeAsset({
+        type: "generated_guidance",
+        name: entry.name,
+        path: normalizeRelPath(`.avorelo/generated/${entry.name}`),
+        source: "generated",
+        detectedFrom: "filesystem",
+        reviewStatus: "known",
+        trustLevel: "medium",
+        riskLevel: "low",
+        feedsSessionContext: true,
+        metadata: {},
+      }));
+    }
+  }
+
+  // .avorelo/skills/registry.json
+  const skillRegistryPath = path.join(cwd, ".avorelo", "skills", "registry.json");
+  if (safeExists(skillRegistryPath)) {
+    assets.push(makeAsset({
+      type: "generated_guidance",
+      name: "skills-registry.json",
+      path: ".avorelo/skills/registry.json",
+      source: "generated",
+      detectedFrom: "filesystem",
+      reviewStatus: "known",
+      trustLevel: "high",
+      riskLevel: "low",
+      feedsSessionContext: true,
+      feedsCapabilityRecommender: true,
+    }));
+  }
+
+  return assets;
+}
+
+// ── Latest receipt / proof asset references ───────────────────────────────────
+
+function detectReceiptAssets(cwd) {
+  const assets = [];
+  const RECEIPT_PATHS = [
+    { path: ".claude/cco/orchestration/work-control/latest-receipt.json", name: "work-control-receipt", capability: "work_control" },
+    { path: ".claude/cco/security/install-intake/latest-receipt.json", name: "install-intake-receipt", capability: "install_intake_risk" },
+    { path: ".claude/cco/orchestration/session-context/latest-context.json", name: "session-context", capability: "compact_session_context_basic" },
+  ];
+  for (const rp of RECEIPT_PATHS) {
+    if (!safeExists(path.join(cwd, rp.path))) continue;
+    assets.push(makeAsset({
+      type: "receipt",
+      name: rp.name,
+      path: normalizeRelPath(rp.path),
+      source: "generated",
+      detectedFrom: "filesystem",
+      reviewStatus: "known",
+      trustLevel: "high",
+      riskLevel: "low",
+      feedsWorkControl: true,
+      feedsSessionContext: rp.name === "session-context",
+      relationships: [{ rel: "evidence_for", target: rp.capability }],
+      metadata: { redacted: true },
+    }));
+  }
+  return assets;
+}
+
+// ── Relationship inference ────────────────────────────────────────────────────
+
+function inferCrossAssetRelationships(assets) {
+  const byPath = new Map(assets.map((a) => [a.path, a]));
+  const byType = new Map();
+  for (const a of assets) {
+    if (!byType.has(a.type)) byType.set(a.type, []);
+    byType.get(a.type).push(a);
+  }
+
+  const relationships = [];
+
+  // package_manifest -> defines -> npm_scripts
+  const pkgManifest = assets.find((a) => a.type === "package_manifest");
+  if (pkgManifest) {
+    for (const a of assets.filter((a) => a.type === "npm_script")) {
+      relationships.push({ from: pkgManifest.assetId, rel: "defines", to: a.assetId });
+    }
+    const lockfile = assets.find((a) => a.type === "lockfile");
+    if (lockfile) {
+      relationships.push({ from: pkgManifest.assetId, rel: "locked_by", to: lockfile.assetId });
+    }
+  }
+
+  // test_file -> validates -> source_file
+  for (const testAsset of assets.filter((a) => a.type === "test_file")) {
+    const baseName = path.basename(testAsset.path).replace(/\.test\.js$|\.spec\.js$/, "");
+    const srcPath = `scripts/lib/${baseName}.js`;
+    const srcAsset = byPath.get(srcPath);
+    if (srcAsset) {
+      relationships.push({ from: testAsset.assetId, rel: "validates", to: srcAsset.assetId });
+    }
+  }
+
+  // skill_pack -> contains -> skills
+  for (const packAsset of assets.filter((a) => a.type === "skill_pack")) {
+    for (const skillAsset of assets.filter((a) => a.type === "skill" && a.path.startsWith(packAsset.path))) {
+      relationships.push({ from: packAsset.assetId, rel: "contains", to: skillAsset.assetId });
+    }
+  }
+
+  // guidance -> guides -> agent_surface
+  for (const guideAsset of assets.filter((a) => ["claude_guidance", "agents_guidance", "gemini_guidance", "copilot_guidance", "cursor_rule"].includes(a.type))) {
+    relationships.push({
+      from: guideAsset.assetId,
+      rel: "guides",
+      to: guideAsset.metadata?.surface || "agent",
+    });
+  }
+
+  // receipt -> evidence_for -> capability
+  for (const rcptAsset of assets.filter((a) => a.type === "receipt")) {
+    for (const rel of rcptAsset.relationships) {
+      if (rel.rel === "evidence_for") {
+        relationships.push({ from: rcptAsset.assetId, rel: "evidence_for", to: rel.target });
+      }
+    }
+  }
+
+  return relationships;
+}
+
+// ── Drift detection ───────────────────────────────────────────────────────────
+
+function computeDrift(prevSnapshot, currentAssets) {
+  if (!prevSnapshot || !Array.isArray(prevSnapshot.assets)) {
+    return {
+      previousRegistryId: null,
+      addedAssets: currentAssets.length,
+      removedAssets: 0,
+      changedAssets: 0,
+      unchangedAssets: 0,
+    };
+  }
+
+  const prevById = new Map((prevSnapshot.assets || []).map((a) => [a.assetId, a]));
+  const currById = new Map(currentAssets.map((a) => [a.assetId, a]));
+
+  let added = 0, removed = 0, changed = 0, unchanged = 0;
+
+  for (const [id, curr] of currById) {
+    const prev = prevById.get(id);
+    if (!prev) { added++; continue; }
+    if (prev.reviewStatus !== curr.reviewStatus || prev.riskLevel !== curr.riskLevel) {
+      changed++;
+    } else {
+      unchanged++;
+    }
+  }
+
+  for (const id of prevById.keys()) {
+    if (!currById.has(id)) removed++;
+  }
+
+  return {
+    previousRegistryId: prevSnapshot.registryId || null,
+    addedAssets: added,
+    removedAssets: removed,
+    changedAssets: changed,
+    unchangedAssets: unchanged,
+  };
+}
+
+// ── Integration readers ───────────────────────────────────────────────────────
+
+function readLatestIntakeSummary(cwd) {
+  try {
+    const receipt = safeReadJson(cwd, ".claude/cco/security/install-intake/latest-receipt.json", null);
+    if (!receipt) return null;
+    return {
+      totalItems: receipt.summary?.totalItems || 0,
+      unknownItems: receipt.summary?.unknownItems || 0,
+      highRiskItems: receipt.summary?.highRiskItems || 0,
+      criticalRiskItems: receipt.summary?.criticalRiskItems || 0,
+    };
+  } catch { return null; }
+}
+
+function readLatestWorkControlSummary(cwd) {
+  try {
+    const receipt = safeReadJson(cwd, ".claude/cco/orchestration/work-control/latest-receipt.json", null);
+    if (!receipt) return null;
+    return {
+      finalState: receipt.workControl?.finalState || "missing",
+      nextSafestAction: receipt.workControl?.nextSafestAction || null,
+    };
+  } catch { return null; }
+}
+
+// ── Summary computation ───────────────────────────────────────────────────────
+
+function computeSummary(assets) {
+  const assetsByType = {};
+  let reviewedAssets = 0, unknownAssets = 0, deferredAssets = 0, blockedAssets = 0;
+  let highRiskAssets = 0, criticalRiskAssets = 0;
+  let sessionContextAssets = 0, brainPackAssets = 0, capabilityRelevantAssets = 0;
+  let installIntakeAssets = 0, safePathRelevantAssets = 0;
+
+  for (const a of assets) {
+    assetsByType[a.type] = (assetsByType[a.type] || 0) + 1;
+    if (["reviewed", "known"].includes(a.reviewStatus)) reviewedAssets++;
+    if (a.reviewStatus === "unknown") unknownAssets++;
+    if (a.reviewStatus === "deferred") deferredAssets++;
+    if (a.reviewStatus === "blocked") blockedAssets++;
+    if (a.riskLevel === "high") highRiskAssets++;
+    if (a.riskLevel === "critical") criticalRiskAssets++;
+    if (a.feedsSessionContext) sessionContextAssets++;
+    if (a.feedsBrainPack) brainPackAssets++;
+    if (a.feedsCapabilityRecommender) capabilityRelevantAssets++;
+    if (a.feedsInstallIntake) installIntakeAssets++;
+    if (a.feedsSafePath) safePathRelevantAssets++;
+  }
+
+  return {
+    totalAssets: assets.length,
+    assetsByType,
+    reviewedAssets,
+    unknownAssets,
+    deferredAssets,
+    blockedAssets,
+    highRiskAssets,
+    criticalRiskAssets,
+    sessionContextAssets,
+    brainPackAssets,
+    capabilityRelevantAssets,
+    installIntakeAssets,
+    safePathRelevantAssets,
+  };
+}
+
+// ── Recommendations ───────────────────────────────────────────────────────────
+
+function computeRecommendations(assets, summary, intakeSummary, wcSummary) {
+  const topCapabilityRecommendations = [];
+  const intakeReviewNeeded = [];
+  const safePathReviewNeeded = [];
+
+  if (summary.unknownAssets > 0) {
+    topCapabilityRecommendations.push("install_intake_risk");
+    intakeReviewNeeded.push(...assets.filter((a) => a.reviewStatus === "unknown").map((a) => a.path).slice(0, 5));
+  }
+  if (summary.highRiskAssets > 0 || summary.criticalRiskAssets > 0) {
+    topCapabilityRecommendations.push("safe_path_engine");
+    safePathReviewNeeded.push(...assets.filter((a) => ["high", "critical"].includes(a.riskLevel)).map((a) => a.path).slice(0, 5));
+  }
+  if (summary.sessionContextAssets > 0) {
+    topCapabilityRecommendations.push("compact_session_context_basic");
+  }
+  if (summary.capabilityRelevantAssets > 0) {
+    topCapabilityRecommendations.push("workspace_registry_basic");
+  }
+
+  const sessionContextRelevantFiles = assets
+    .filter((a) => a.feedsSessionContext && a.path)
+    .map((a) => a.path)
+    .filter(Boolean)
+    .slice(0, 20);
+
+  const brainPackContextHints = {
+    packageManager: assets.some((a) => a.type === "lockfile" && a.name.includes("pnpm")) ? "pnpm"
+      : assets.some((a) => a.type === "lockfile" && a.name.includes("yarn")) ? "yarn"
+      : assets.some((a) => a.type === "lockfile") ? "npm" : "unknown",
+    testCommand: "node --test",
+    totalSourceFiles: summary.assetsByType["source_file"] || 0,
+    totalTestFiles: summary.assetsByType["test_file"] || 0,
+    totalDocFiles: summary.assetsByType["doc_file"] || 0,
+    skillCount: (summary.assetsByType["skill"] || 0) + (summary.assetsByType["skill_pack"] || 0),
+    hasGuidanceFiles: (summary.assetsByType["claude_guidance"] || 0) > 0
+      || (summary.assetsByType["agents_guidance"] || 0) > 0,
+  };
+
+  let nextAction = wcSummary?.nextSafestAction || null;
+  if (!nextAction && summary.unknownAssets > 0) {
+    nextAction = "Run `avorelo intake` to review unknown assets before proceeding.";
+  }
+  if (!nextAction && summary.highRiskAssets > 0) {
+    nextAction = "Review high-risk assets (deploy scripts, MCP configs) before executing.";
+  }
+  if (!nextAction) {
+    nextAction = "Registry is current. Run `avorelo session-context --handoff` to generate a compact session handoff.";
+  }
+
+  return {
+    topCapabilityRecommendations: [...new Set(topCapabilityRecommendations)],
+    sessionContextRelevantFiles,
+    brainPackContextHints,
+    intakeReviewNeeded,
+    safePathReviewNeeded,
+    nextAction,
+  };
+}
+
+// ── Value measurement ─────────────────────────────────────────────────────────
+
+function computeValueMeasurement(assets, summary, drift) {
+  const unknownCount = summary.unknownAssets;
+  const highRiskCount = summary.highRiskAssets;
+  const assetCount = summary.totalAssets;
+  const sessionContextCount = summary.sessionContextAssets;
+
+  const valueAddSummary = `Workspace registry indexed ${assetCount} assets (${summary.assetsByType["source_file"] || 0} source, ${summary.assetsByType["test_file"] || 0} test, ${summary.assetsByType["doc_file"] || 0} doc, ${summary.assetsByType["skill"] || 0} skills) without broad scanning or context dumping.`;
+
+  const timeSaved = `Eliminated manual file discovery across ${assetCount} assets. Session Context now receives ${sessionContextCount} pre-indexed relevant files instead of requiring broad repo scan.`;
+
+  const tokenSavedOrContextReduced = `Registry summary replaces broad workspace dump. ${sessionContextCount} session-context assets surfaced compactly (summary only, no file content). Drift detection avoids re-scanning ${drift.unchangedAssets} unchanged assets.`;
+
+  const riskAvoided = unknownCount > 0
+    ? `Flagged ${unknownCount} unknown-review assets and ${highRiskCount} high-risk assets (MCP configs, deploy scripts) before use — routed to Install Intake / Safe Path instead of silent trust.`
+    : `No unknown assets in current workspace. ${highRiskCount} high-risk assets (deploy scripts) pre-flagged for Safe Path review.`;
+
+  const clarityImproved = `Registry provides normalized asset types, capability relevance flags, and integration bridges (feedsSessionContext, feedsBrainPack, feedsInstallIntake, feedsSafePath) without requiring the model to re-derive these from raw file scans.`;
+
+  const seamlessnessScore = unknownCount === 0 && highRiskCount <= 2 ? "high" : highRiskCount > 5 ? "medium" : "high";
+
+  const willingnessToPaySignal = sessionContextCount > 10
+    ? `"Avorelo indexes your entire AI workspace so the next session knows exactly which files, tools, and commands to start with — no setup, no scanning."`
+    : null;
+
+  const remainingFriction = [
+    "Registry rebuilds from scratch each run (no incremental file-hash tracking yet).",
+    "MCP tool-level asset detection requires fixture file to be present.",
+    "Model/worker assets depend on inventory being pre-loaded.",
+  ].join(" ");
+
+  const recommendedProductChange = "Add file-hash based incremental registry update to avoid full rebuild on each run. Add registry CLI filter by capabilityRelevance to support Brain Pack queries.";
+
+  return {
+    valueAddSummary,
+    timeSaved,
+    tokenSavedOrContextReduced,
+    riskAvoided,
+    clarityImproved,
+    seamlessnessScore,
+    willingnessToPaySignal,
+    remainingFriction,
+    recommendedProductChange,
+  };
+}
+
+// ── Main build function ───────────────────────────────────────────────────────
+
+function buildWorkspaceRegistry(cwd, options = {}) {
+  ensureCcoDirs(cwd);
+
+  // Ensure registry history dir
+  const historyDir = path.join(cwd, REGISTRY_HISTORY_DIR_REL_PATH);
+  try { fs.mkdirSync(historyDir, { recursive: true }); } catch {}
+
+  const registryId = createRegistryId();
+  const prevSnapshot = readLatestRegistry(cwd);
+
+  // Detect all asset categories
+  const detectedAssets = [
+    ...detectPackageManifest(cwd),
+    ...detectGuidanceFiles(cwd),
+    ...detectVscodeExtensions(cwd),
+    ...detectSkillAssets(cwd),
+    ...detectSourceFiles(cwd),
+    ...detectTestFiles(cwd),
+    ...detectDocFiles(cwd),
+    ...detectConfigFiles(cwd),
+    ...detectMcpConfigs(cwd),
+    ...detectModelProviderAssets(cwd),
+    ...detectGeneratedGuidance(cwd),
+    ...detectReceiptAssets(cwd),
+  ];
+
+  // Deduplicate by assetId
+  const seenIds = new Set();
+  const assets = detectedAssets.filter((a) => {
+    if (seenIds.has(a.assetId)) return false;
+    seenIds.add(a.assetId);
+    return true;
+  });
+
+  const relationships = inferCrossAssetRelationships(assets);
+  const summary = computeSummary(assets);
+  const drift = computeDrift(prevSnapshot, assets);
+
+  const intakeSummary = readLatestIntakeSummary(cwd);
+  const wcSummary = readLatestWorkControlSummary(cwd);
+  const recommendations = computeRecommendations(assets, summary, intakeSummary, wcSummary);
+  const valueMeasurement = computeValueMeasurement(assets, summary, drift);
+
+  const scannedSources = [
+    "package.json",
+    "guidance files (AGENTS.md, CLAUDE.md, GEMINI.md, .cursor/rules, .github/copilot-instructions.md)",
+    ".vscode/extensions.json",
+    "skills/avorelo",
+    "vendor/skillpacks",
+    "scripts/lib (source files)",
+    "tests (test files)",
+    "docs (doc files)",
+    "config files (tsconfig, jest, playwright, etc.)",
+    "mcp config candidates",
+    "model-inventory (if available)",
+    ".avorelo/generated",
+    "orchestration receipts (by path only)",
+  ];
+
+  const registry = {
+    schemaVersion: REGISTRY_SCHEMA_VERSION,
+    contract: REGISTRY_CONTRACT,
+    registryId,
+    createdAt: nowIso(),
+    cwd,
+    scannedSources,
+    assets,
+    relationships,
+    summary,
+    drift,
+    recommendations,
+    valueMeasurement,
+    productLearning: {
+      eventsWritten: [],
+      suggestedEvents: [
+        "workspace_registry_generated",
+        "workspace_registry_value_measured",
+      ],
+    },
+    redacted: true,
+  };
+
+  return registry;
+}
+
+// ── Write / read ──────────────────────────────────────────────────────────────
+
+function writeWorkspaceRegistry(cwd, registry, options = {}) {
+  ensureCcoDirs(cwd);
+
+  const historyDir = path.join(cwd, REGISTRY_HISTORY_DIR_REL_PATH);
+  try { fs.mkdirSync(historyDir, { recursive: true }); } catch {}
+
+  // Write latest
+  safeWriteJson(cwd, LATEST_REGISTRY_REL_PATH, registry);
+
+  // Write history entry
+  const histRelPath = `${REGISTRY_HISTORY_DIR_REL_PATH}/${registry.registryId}.json`;
+  safeWriteJson(cwd, histRelPath, registry);
+
+  // Write Markdown summary
+  const summaryMd = formatRegistrySummaryMarkdown(registry);
+  safeWriteText(cwd, LATEST_SUMMARY_MD_REL_PATH, summaryMd);
+
+  // Product learning events
+  const eventsWritten = [];
+  try {
+    appendProductLearningEvent(cwd, "workspace_registry_generated", {
+      registryId: registry.registryId,
+      totalAssets: registry.summary.totalAssets,
+      unknownAssets: registry.summary.unknownAssets,
+      highRiskAssets: registry.summary.highRiskAssets,
+      sessionContextAssets: registry.summary.sessionContextAssets,
+      driftAdded: registry.drift.addedAssets,
+      driftRemoved: registry.drift.removedAssets,
+    });
+    eventsWritten.push("workspace_registry_generated");
+  } catch {}
+
+  if (registry.summary.unknownAssets > 0) {
+    try {
+      appendProductLearningEvent(cwd, "workspace_asset_unknown_detected", {
+        registryId: registry.registryId,
+        unknownCount: registry.summary.unknownAssets,
+        capabilityRecommended: "install_intake_risk",
+      });
+      eventsWritten.push("workspace_asset_unknown_detected");
+    } catch {}
+  }
+
+  if (registry.summary.highRiskAssets > 0) {
+    try {
+      appendProductLearningEvent(cwd, "workspace_asset_high_risk_detected", {
+        registryId: registry.registryId,
+        highRiskCount: registry.summary.highRiskAssets,
+        capabilityRecommended: "safe_path_engine",
+      });
+      eventsWritten.push("workspace_asset_high_risk_detected");
+    } catch {}
+  }
+
+  if (registry.drift.addedAssets > 0 || registry.drift.removedAssets > 0) {
+    try {
+      appendProductLearningEvent(cwd, "workspace_registry_drift_detected", {
+        registryId: registry.registryId,
+        previousRegistryId: registry.drift.previousRegistryId,
+        addedAssets: registry.drift.addedAssets,
+        removedAssets: registry.drift.removedAssets,
+        changedAssets: registry.drift.changedAssets,
+      });
+      eventsWritten.push("workspace_registry_drift_detected");
+    } catch {}
+  }
+
+  try {
+    appendProductLearningEvent(cwd, "workspace_registry_value_measured", {
+      registryId: registry.registryId,
+      seamlessnessScore: registry.valueMeasurement.seamlessnessScore,
+      sessionContextAssets: registry.summary.sessionContextAssets,
+      totalAssets: registry.summary.totalAssets,
+      hasWillingnessToPaySignal: Boolean(registry.valueMeasurement.willingnessToPaySignal),
+    });
+    eventsWritten.push("workspace_registry_value_measured");
+  } catch {}
+
+  registry.productLearning.eventsWritten = eventsWritten;
+
+  return {
+    ok: true,
+    registryPath: LATEST_REGISTRY_REL_PATH,
+    summaryPath: LATEST_SUMMARY_MD_REL_PATH,
+    historyPath: histRelPath,
+    eventLog: REGISTRY_EVENT_LOG_REL_PATH,
+  };
+}
+
+function readLatestRegistry(cwd) {
+  return safeReadJson(cwd, LATEST_REGISTRY_REL_PATH, null);
+}
+
+// ── Formatting ────────────────────────────────────────────────────────────────
+
+function formatRegistrySummaryMarkdown(registry) {
+  const s = registry.summary;
+  const r = registry.recommendations;
+  const vm = registry.valueMeasurement;
+  const drift = registry.drift;
+
+  const lines = [
+    `# Avorelo Workspace Registry — Summary`,
+    `> Generated: ${registry.createdAt} | Registry ID: ${registry.registryId}`,
+    `> Contract: ${registry.contract}`,
+    ``,
+    `## Asset Summary`,
+    `- **Total assets:** ${s.totalAssets}`,
+    `- **Source files:** ${s.assetsByType["source_file"] || 0}`,
+    `- **Test files:** ${s.assetsByType["test_file"] || 0}`,
+    `- **Doc files:** ${s.assetsByType["doc_file"] || 0}`,
+    `- **Config files:** ${s.assetsByType["config_file"] || 0}`,
+    `- **Skills / Skill packs:** ${(s.assetsByType["skill"] || 0)} / ${(s.assetsByType["skill_pack"] || 0)}`,
+    `- **Guidance files:** ${(s.assetsByType["claude_guidance"] || 0) + (s.assetsByType["agents_guidance"] || 0) + (s.assetsByType["gemini_guidance"] || 0) + (s.assetsByType["copilot_guidance"] || 0)}`,
+    `- **MCP configs:** ${s.assetsByType["mcp_server_config"] || 0}`,
+    `- **npm scripts:** ${s.assetsByType["npm_script"] || 0}`,
+    ``,
+    `## Risk / Trust`,
+    `- Reviewed: ${s.reviewedAssets} | Unknown: ${s.unknownAssets} | Deferred: ${s.deferredAssets} | Blocked: ${s.blockedAssets}`,
+    `- High risk: ${s.highRiskAssets} | Critical: ${s.criticalRiskAssets}`,
+    ``,
+    `## Integration Signals`,
+    `- Feeds Session Context: ${s.sessionContextAssets} assets`,
+    `- Feeds Brain Pack: ${s.brainPackAssets} assets`,
+    `- Feeds Capability Recommender: ${s.capabilityRelevantAssets} assets`,
+    `- Feeds Install Intake: ${s.installIntakeAssets} assets`,
+    `- Feeds Safe Path: ${s.safePathRelevantAssets} assets`,
+    ``,
+    `## Drift vs Previous`,
+    drift.previousRegistryId
+      ? `- Previous: ${drift.previousRegistryId} | Added: ${drift.addedAssets} | Removed: ${drift.removedAssets} | Changed: ${drift.changedAssets} | Unchanged: ${drift.unchangedAssets}`
+      : `- First registry snapshot — no previous baseline.`,
+    ``,
+    `## Recommendations`,
+    `- Next action: ${r.nextAction}`,
+    r.intakeReviewNeeded.length ? `- Intake review needed: ${r.intakeReviewNeeded.join(", ")}` : null,
+    r.safePathReviewNeeded.length ? `- Safe path review needed: ${r.safePathReviewNeeded.join(", ")}` : null,
+    ``,
+    `## Value Measurement`,
+    `- **Value:** ${vm.valueAddSummary}`,
+    `- **Time saved:** ${vm.timeSaved}`,
+    `- **Token/context:** ${vm.tokenSavedOrContextReduced}`,
+    `- **Risk avoided:** ${vm.riskAvoided}`,
+    `- **Seamlessness:** ${vm.seamlessnessScore}`,
+    vm.willingnessToPaySignal ? `- **Willingness to pay:** ${vm.willingnessToPaySignal}` : null,
+    `- **Remaining friction:** ${vm.remainingFriction}`,
+    ``,
+  ].filter((l) => l !== null).join("\n");
+
+  return lines;
+}
+
+function formatRegistryText(registry) {
+  const s = registry.summary;
+  const r = registry.recommendations;
+  const drift = registry.drift;
+
+  return [
+    `Avorelo Workspace Registry`,
+    `Registry ID: ${registry.registryId}  Created: ${registry.createdAt}`,
+    ``,
+    `Assets: ${s.totalAssets} total · ${s.reviewedAssets} reviewed · ${s.unknownAssets} unknown · ${s.highRiskAssets} high-risk`,
+    `Types: ${Object.entries(s.assetsByType).map(([t, n]) => `${t}:${n}`).join(" · ")}`,
+    ``,
+    `Feeds: session-context:${s.sessionContextAssets} · brain-pack:${s.brainPackAssets} · capability:${s.capabilityRelevantAssets} · intake:${s.installIntakeAssets} · safe-path:${s.safePathRelevantAssets}`,
+    ``,
+    drift.previousRegistryId
+      ? `Drift: +${drift.addedAssets} added · -${drift.removedAssets} removed · ${drift.changedAssets} changed (vs ${drift.previousRegistryId})`
+      : `Drift: first snapshot`,
+    ``,
+    `Next: ${r.nextAction}`,
+    `Registry: ${LATEST_REGISTRY_REL_PATH}`,
+    `Summary:  ${LATEST_SUMMARY_MD_REL_PATH}`,
+  ].join("\n");
+}
+
+// ── Dashboard / status surface ────────────────────────────────────────────────
+
+function buildWorkspaceRegistrySurface(cwd) {
+  const registry = readLatestRegistry(cwd);
+  if (!registry) {
+    return {
+      status: "missing",
+      latestRegistryPath: null,
+      totalAssets: 0,
+      assetsByType: {},
+      unknownAssets: 0,
+      highRiskAssets: 0,
+      sessionContextAssets: 0,
+      brainPackAssets: 0,
+      capabilityRelevantAssets: 0,
+      driftSummary: null,
+      nextAction: "Run `avorelo workspace-registry` to build the first asset inventory.",
+    };
+  }
+
+  const s = registry.summary;
+  const drift = registry.drift;
+
+  return {
+    status: s.unknownAssets > 0 ? "attention" : s.highRiskAssets > 0 ? "review" : "ok",
+    latestRegistryPath: LATEST_REGISTRY_REL_PATH,
+    registryId: registry.registryId,
+    createdAt: registry.createdAt,
+    totalAssets: s.totalAssets,
+    assetsByType: s.assetsByType,
+    unknownAssets: s.unknownAssets,
+    highRiskAssets: s.highRiskAssets,
+    sessionContextAssets: s.sessionContextAssets,
+    brainPackAssets: s.brainPackAssets,
+    capabilityRelevantAssets: s.capabilityRelevantAssets,
+    driftSummary: drift.previousRegistryId
+      ? `+${drift.addedAssets}/-${drift.removedAssets}/${drift.changedAssets}ch vs ${drift.previousRegistryId}`
+      : "first snapshot",
+    nextAction: registry.recommendations?.nextAction || null,
+  };
+}
+
+// ── Session Context integration ───────────────────────────────────────────────
+
+function enrichSessionContextWithRegistry(cwd, sessionContextData) {
+  const registry = readLatestRegistry(cwd);
+  if (!registry) return sessionContextData;
+
+  const registryRelevantFiles = (registry.recommendations?.sessionContextRelevantFiles || []).slice(0, 15);
+  const existingFiles = sessionContextData.relevantFiles || [];
+  const merged = [...new Set([...existingFiles, ...registryRelevantFiles])].slice(0, 20);
+
+  const enriched = { ...sessionContextData, relevantFiles: merged };
+
+  if (registry.summary.unknownAssets > 0) {
+    enriched.assetWarnings = enriched.assetWarnings || [];
+    enriched.assetWarnings.push(`Registry: ${registry.summary.unknownAssets} unknown-review assets detected — run intake before proceeding.`);
+  }
+  if (registry.summary.highRiskAssets > 0) {
+    enriched.assetWarnings = enriched.assetWarnings || [];
+    enriched.assetWarnings.push(`Registry: ${registry.summary.highRiskAssets} high-risk assets (deploy scripts, MCP configs) — review before executing.`);
+  }
+
+  enriched.registrySummary = {
+    registryId: registry.registryId,
+    totalAssets: registry.summary.totalAssets,
+    sessionContextAssets: registry.summary.sessionContextAssets,
+    highRiskAssets: registry.summary.highRiskAssets,
+    nextAction: registry.recommendations?.nextAction,
+  };
+
+  try {
+    appendProductLearningEvent(cwd, "workspace_registry_used_in_session_context", {
+      registryId: registry.registryId,
+      filesAdded: merged.length - existingFiles.length,
+      totalRelevantFiles: merged.length,
+    });
+  } catch {}
+
+  return enriched;
+}
+
+// ── Brain Pack integration ────────────────────────────────────────────────────
+
+function buildRegistryBrainPackHints(cwd) {
+  const registry = readLatestRegistry(cwd);
+  if (!registry) return null;
+
+  const hints = registry.recommendations?.brainPackContextHints || {};
+
+  try {
+    appendProductLearningEvent(cwd, "workspace_registry_used_in_brain_pack", {
+      registryId: registry.registryId,
+      totalAssets: registry.summary.totalAssets,
+      brainPackAssets: registry.summary.brainPackAssets,
+    });
+  } catch {}
+
+  return {
+    packageManager: hints.packageManager || "unknown",
+    testCommand: hints.testCommand || "node --test",
+    totalSourceFiles: hints.totalSourceFiles || 0,
+    totalTestFiles: hints.totalTestFiles || 0,
+    totalDocFiles: hints.totalDocFiles || 0,
+    skillCount: hints.skillCount || 0,
+    hasGuidanceFiles: hints.hasGuidanceFiles || false,
+    registryId: registry.registryId,
+    registryAssets: registry.summary.totalAssets,
+    registryCreatedAt: registry.createdAt,
+  };
+}
+
+// ── Capability recommender signal ─────────────────────────────────────────────
+
+function buildRegistryCapabilitySignal(cwd) {
+  const registry = readLatestRegistry(cwd);
+  if (!registry) return null;
+
+  return {
+    hasHighRiskAssets: registry.summary.highRiskAssets > 0,
+    hasUnknownAssets: registry.summary.unknownAssets > 0,
+    hasMcpConfigs: (registry.summary.assetsByType["mcp_server_config"] || 0) > 0,
+    hasLargeSourceSet: (registry.summary.assetsByType["source_file"] || 0) > 20,
+    hasSessionContextAssets: registry.summary.sessionContextAssets > 0,
+    sessionContextAssets: registry.summary.sessionContextAssets,
+    totalAssets: registry.summary.totalAssets,
+    topCapabilityRecommendations: registry.recommendations?.topCapabilityRecommendations || [],
+  };
+}
+
+// ── Exports ───────────────────────────────────────────────────────────────────
+
+module.exports = {
+  REGISTRY_CONTRACT,
+  REGISTRY_SCHEMA_VERSION,
+  LATEST_REGISTRY_REL_PATH,
+  LATEST_SUMMARY_MD_REL_PATH,
+  REGISTRY_HISTORY_DIR_REL_PATH,
+  REGISTRY_EVENT_LOG_REL_PATH,
+  buildWorkspaceRegistry,
+  writeWorkspaceRegistry,
+  readLatestRegistry,
+  buildWorkspaceRegistrySurface,
+  enrichSessionContextWithRegistry,
+  buildRegistryBrainPackHints,
+  buildRegistryCapabilitySignal,
+  formatRegistryText,
+  formatRegistrySummaryMarkdown,
+};