avorelo 0.1.0

package/scripts/lib/capability-registry.js

@@ -0,0 +1,1059 @@
+"use strict";
+
+const { CAPABILITIES } = require("./plans");
+
+const VALID_FAMILY_IDS = new Set([
+  "activation_readiness",
+  "status_dashboard",
+  "prompt_workflow_help",
+  "context_token_cost_optimization",
+  "model_worker_routing",
+  "execution_work_control",
+  "agent_security",
+  "agent_access_governance",
+  "install_intake_risk",
+  "safe_path_engine",
+  "workspace_map",
+  "skills_skill_packs",
+  "source_intake",
+  "thin_adapters",
+  "product_learning",
+  "proof_evidence",
+  "pricing_entitlements",
+  "website_onboarding",
+  "frontend_visual_qa",
+  "ai_workspace_hygiene",
+  "execution_packet",
+  "lifecycle_hooks",
+  "token_efficiency_hardening",
+  "launch_hardening",
+  "failure_recovery_hardening",
+  "artifact_health_monitoring",
+  // PR #145 — MCP Least-Privilege Tool Governance v1
+  "mcp_tool_governance",
+  // PR #146 — One-Prompt AI Install + Pre-Launch Activation Readiness v1
+  "ai_install_onboarding",
+  "prelaunch_activation_readiness",
+  // PR #147 — Pre-Launch Intelligence Layer v1
+  "prelaunch_intelligence",
+  // PR #148 — Full Readiness / Release Candidate Gate v1
+  "full_readiness_gate",
+  // PR #149 — Activation Distribution Readiness v1
+  "activation_distribution_readiness",
+  // PR #160 — Design Partner Feedback + Readiness Delta v1
+  "design_partner_feedback",
+  "readiness_delta",
+  // PR #161 — Public Activation Distribution Truth v1
+  "public_distribution",
+  // PR #162 — Plugin / Adapter Technical Readiness v1
+  "adapter_technical_readiness",
+  // PR #163 — Cross-Host Install Plan + Browser-Proof Preflight v1
+  "cross_host_adapter_readiness",
+]);
+
+const VALID_PRODUCT_STATUSES = new Set([
+  "shipped",
+  "partial",
+  "foundation",
+  "docs_only",
+  "gap",
+]);
+
+const VALID_STRENGTHS = new Set(["strong", "partial", "weak", "missing"]);
+const VALID_SURFACE_TYPES = new Set(["policy", "detection", "warning", "evidence", "docs_only", "block", "approval"]);
+
+const FAMILY_OVERRIDES = Object.freeze({
+  local_activation: "activation_readiness",
+  ai_coding_readiness: "activation_readiness",
+  dynamic_skill_pack_selection: "skills_skill_packs",
+  reference_source_intake_basic: "source_intake",
+  skill_md_parser_basic: "skills_skill_packs",
+  skill_pattern_extraction_basic: "skills_skill_packs",
+  skill_trust_scan_basic: "source_intake",
+  capability_binding_basic: "skills_skill_packs",
+  source_backed_skill_router_basic: "skills_skill_packs",
+  thin_adapter_guidance_sync_basic: "thin_adapters",
+  install_intake_risk_basic: "install_intake_risk",
+  mcp_intake_visibility_basic: "install_intake_risk",
+  package_intake_visibility_basic: "install_intake_risk",
+  extension_intake_visibility_basic: "install_intake_risk",
+  connector_intake_visibility_basic: "install_intake_risk",
+  skill_source_intake_risk_basic: "install_intake_risk",
+  intake_safe_next_action_basic: "install_intake_risk",
+  intake_receipt_basic: "install_intake_risk",
+  workspace_map_basic: "workspace_map",
+  approval_required_decisions: "agent_access_governance",
+  least_privilege_profile: "agent_access_governance",
+  zero_standing_permissions_posture: "agent_access_governance",
+  scoped_jit_style_access: "agent_access_governance",
+  zero_standing_permissions_policy: "agent_access_governance",
+  safe_path_recommendation_basic: "safe_path_engine",
+  least_privilege_scope_reduction_basic: "safe_path_engine",
+  jit_temporary_scope_fields_basic: "safe_path_engine",
+  approval_boundary_safe_path_basic: "safe_path_engine",
+  safe_path_receipt_basic: "safe_path_engine",
+  skill_route_context_safety_basic: "safe_path_engine",
+  // Seamless Activation + Self-Healing Setup v1
+  seamless_activation_basic: "activation_readiness",
+  self_healing_setup_basic: "activation_readiness",
+  activation_repair_loop_basic: "activation_readiness",
+  activation_model_routing_detection_basic: "activation_readiness",
+  activation_dashboard_ready_basic: "activation_readiness",
+  activation_agent_repair_plan_basic: "activation_readiness",
+  // Skill Hygiene & Routing Guard v1
+  skill_hygiene_basic: "skills_skill_packs",
+  skill_duplicate_activation_guard_basic: "skills_skill_packs",
+  skill_shadow_contribution_basic: "skills_skill_packs",
+  skill_conflict_guard_basic: "skills_skill_packs",
+  skill_context_hygiene_basic: "context_token_cost_optimization",
+  skill_security_hygiene_basic: "agent_security",
+  skill_route_hygiene_basic: "skills_skill_packs",
+  skill_intake_check_basic: "source_intake",
+  // Prompt / Context / Token Optimization Foundation v1
+  prompt_context_pack_basic: "context_token_cost_optimization",
+  stage_context_budget_basic: "context_token_cost_optimization",
+  token_budget_estimation_basic: "context_token_cost_optimization",
+  context_compaction_basic: "context_token_cost_optimization",
+  local_worker_context_boundary_basic: "context_token_cost_optimization",
+  handoff_context_pack_basic: "context_token_cost_optimization",
+  skill_context_lazy_loading_basic: "context_token_cost_optimization",
+  no_secrets_context_boundary_basic: "context_token_cost_optimization",
+  context_optimization_receipt_basic: "proof_evidence",
+  context_product_learning_basic: "product_learning",
+  // Measurement Evidence Foundation v1
+  dogfood_reality_gate_basic: "proof_evidence",
+  launch_ready_journey_dogfood_basic: "proof_evidence",
+  local_pricing_source_basic: "context_token_cost_optimization",
+  token_evidence_basic: "context_token_cost_optimization",
+  session_timing_evidence_basic: "context_token_cost_optimization",
+  cost_evidence_basic: "context_token_cost_optimization",
+  measurement_evidence_foundation_basic: "context_token_cost_optimization",
+  cost_overclaim_guard_basic: "proof_evidence",
+  // Task-Specific Continuation + Value Evidence Hardening v1
+  task_specific_continuation_basic: "agent_security",
+  task_specific_safe_next_action_basic: "agent_security",
+  value_evidence_collection_basic: "proof_evidence",
+  evidence_backed_value_summary_basic: "proof_evidence",
+  command_value_summary_autowrite_basic: "proof_evidence",
+  seamless_continuation_reality_gate_basic: "proof_evidence",
+  // AI Workspace Hygiene + Capability Registry v1
+  ai_workspace_hygiene_basic: "ai_workspace_hygiene",
+  ai_workspace_asset_inventory_basic: "ai_workspace_hygiene",
+  capability_registry_metadata_basic: "ai_workspace_hygiene",
+  workspace_skill_hygiene_basic: "ai_workspace_hygiene",
+  instruction_surface_hygiene_basic: "ai_workspace_hygiene",
+  mcp_workspace_visibility_basic: "ai_workspace_hygiene",
+  hook_surface_visibility_basic: "ai_workspace_hygiene",
+  package_script_hygiene_basic: "ai_workspace_hygiene",
+  orchestration_ready_capability_metadata_basic: "ai_workspace_hygiene",
+  // Work-Aware Orchestration + Workspace Relevance v1
+  work_aware_orchestration_basic: "model_worker_routing",
+  stage_based_work_plan_basic: "model_worker_routing",
+  stage_based_worker_selection_basic: "model_worker_routing",
+  workspace_relevance_context_selection_basic: "context_token_cost_optimization",
+  stage_aware_handoff_basic: "proof_evidence",
+  orchestration_value_evidence_basic: "proof_evidence",
+  // AI-Native Company Loop + Unified Work Ledger v1
+  work_ledger_basic: "proof_evidence",
+  ai_native_company_loop_basic: "proof_evidence",
+  internal_persona_review_basic: "proof_evidence",
+  dogfood_friction_clustering_basic: "proof_evidence",
+  feedback_signal_schema_basic: "proof_evidence",
+  next_pr_recommendation_basic: "proof_evidence",
+  cost_cogs_quality_rollup_basic: "proof_evidence",
+  // Execution Packet + Project Profile + Work Panel Preview v1
+  project_profile_detection_basic: "execution_packet",
+  execution_packet_basic: "execution_packet",
+  execution_packet_scope_boundaries_basic: "execution_packet",
+  agent_prompt_compiler_basic: "execution_packet",
+  work_panel_preview_basic: "execution_packet",
+  proof_requirements_packet_basic: "proof_evidence",
+  diff_before_write_policy_basic: "execution_packet",
+  // Seamless Smart Work Routing + Worker Handoff v1
+  smart_route_hook_binding_basic: "lifecycle_hooks",
+  execution_packet_hook_binding_basic: "lifecycle_hooks",
+  safe_run_hook_binding_basic: "lifecycle_hooks",
+  // Hook Baseline + Lifecycle Automation Preview v1
+  hook_baseline_registry_basic: "lifecycle_hooks",
+  adapter_readiness_basic: "lifecycle_hooks",
+  hook_config_preview_basic: "lifecycle_hooks",
+  lifecycle_hook_handler_basic: "lifecycle_hooks",
+  pre_tool_use_guard_mapping_basic: "lifecycle_hooks",
+  post_tool_use_ledger_mapping_basic: "lifecycle_hooks",
+  stop_proof_gate_mapping_basic: "lifecycle_hooks",
+  session_end_summary_handoff_mapping_basic: "lifecycle_hooks",
+  // PR #141 — Explicit Hook Apply + Lifecycle Live v1
+  explicit_hook_apply_basic: "lifecycle_hooks",
+  hook_apply_dry_run_basic: "lifecycle_hooks",
+  hook_config_backup_basic: "lifecycle_hooks",
+  hook_apply_validation_basic: "lifecycle_hooks",
+  hook_rollback_basic: "lifecycle_hooks",
+  hook_uninstall_basic: "lifecycle_hooks",
+  hook_doctor_basic: "lifecycle_hooks",
+  hook_recursion_guard_basic: "lifecycle_hooks",
+  lifecycle_live_smoke_basic: "lifecycle_hooks",
+  e2e_value_dogfood_gate_basic: "proof_evidence",
+  // PR #142 — Activation Alpha Readiness + First Value v1
+  alpha_activation_basic: "activation_readiness",
+  first_value_path_basic: "activation_readiness",
+  alpha_readiness_gate_basic: "activation_readiness",
+  local_feedback_capture_basic: "proof_evidence",
+  support_bundle_basic: "proof_evidence",
+  activation_company_loop_integration_basic: "proof_evidence",
+  e2e_value_dogfood_gate_basic_pr142: "proof_evidence",
+  // PR #143 — Token Efficiency + Context Quality Hardening v1
+  tool_output_sandbox_basic: "token_efficiency_hardening",
+  tool_output_budget_basic: "token_efficiency_hardening",
+  repo_map_basic: "token_efficiency_hardening",
+  symbol_map_basic: "token_efficiency_hardening",
+  context_acquisition_plan_basic: "token_efficiency_hardening",
+  token_count_tree_basic: "token_efficiency_hardening",
+  token_efficiency_evidence_basic: "token_efficiency_hardening",
+  context_quality_gate_basic: "token_efficiency_hardening",
+  cache_readiness_checker_basic: "token_efficiency_hardening",
+  compact_output_policy_basic: "token_efficiency_hardening",
+  // PR #144 — Launch Hardening + Failure Recovery v1
+  launch_hardening_gate_basic: "launch_hardening",
+  failure_recovery_taxonomy_basic: "failure_recovery_hardening",
+  doctor_recovery_basic: "failure_recovery_hardening",
+  artifact_health_basic: "artifact_health_monitoring",
+  artifact_cleanup_basic: "artifact_health_monitoring",
+  support_bundle_hardening_basic: "proof_evidence",
+  cross_platform_sanity_basic: "launch_hardening",
+  non_interactive_ci_mode_basic: "launch_hardening",
+  e2e_launch_hardening_dogfood_basic: "proof_evidence",
+  // PR #145 — MCP Least-Privilege Tool Governance v1
+  mcp_tool_inventory_basic: "mcp_tool_governance",
+  mcp_tool_risk_classification_basic: "mcp_tool_governance",
+  mcp_least_privilege_policy_basic: "mcp_tool_governance",
+  mcp_config_preview_basic: "mcp_tool_governance",
+  mcp_pre_tool_use_enforcement_basic: "mcp_tool_governance",
+  mcp_metadata_safety_scan_basic: "mcp_tool_governance",
+  mcp_support_bundle_redaction_basic: "proof_evidence",
+  e2e_mcp_risk_dogfood_basic: "proof_evidence",
+  // PR #146 — One-Prompt AI Install + Pre-Launch Activation Readiness v1
+  ai_install_prompt_basic: "ai_install_onboarding",
+  one_prompt_install_basic: "ai_install_onboarding",
+  ai_install_safety_boundaries_basic: "ai_install_onboarding",
+  ai_install_support_bundle_integration_basic: "ai_install_onboarding",
+  prelaunch_activation_readiness_basic: "prelaunch_activation_readiness",
+  first_value_journey_basic: "prelaunch_activation_readiness",
+  e2e_ai_install_dogfood_basic: "proof_evidence",
+  // PR #147 — Pre-Launch Intelligence Layer v1
+  prelaunch_intelligence_basic: "prelaunch_intelligence",
+  feedback_intelligence_basic: "prelaunch_intelligence",
+  friction_clustering_basic: "prelaunch_intelligence",
+  token_cost_intelligence_basic: "prelaunch_intelligence",
+  install_journey_intelligence_basic: "prelaunch_intelligence",
+  company_loop_prelaunch_signal_integration_basic: "prelaunch_intelligence",
+  support_bundle_prompt_readiness_summary_basic: "prelaunch_intelligence",
+  e2e_prelaunch_intelligence_dogfood_basic: "proof_evidence",
+  // PR #148 — Full Readiness / Release Candidate Gate v1
+  full_readiness_gate_basic: "full_readiness_gate",
+  readiness_evidence_closure_basic: "full_readiness_gate",
+  known_limitations_register_basic: "full_readiness_gate",
+  external_user_simulation_basic: "full_readiness_gate",
+  release_candidate_bundle_basic: "full_readiness_gate",
+  company_loop_readiness_recommendation_basic: "full_readiness_gate",
+  e2e_full_readiness_dogfood_basic: "proof_evidence",
+  // PR #149 — Activation Distribution Readiness v1
+  activation_distribution_readiness_basic: "activation_distribution_readiness",
+  activation_distribution_install_check_basic: "activation_distribution_readiness",
+  activation_distribution_recovery_check_basic: "activation_distribution_readiness",
+  activation_distribution_first_value_check_basic: "activation_distribution_readiness",
+  activation_distribution_no_public_launch_check_basic: "activation_distribution_readiness",
+  // PR #160 — Design Partner Feedback + Readiness Delta v1
+  design_partner_feedback_session_basic: "design_partner_feedback",
+  design_partner_feedback_import_basic: "design_partner_feedback",
+  design_partner_feedback_summary_basic: "design_partner_feedback",
+  design_partner_feedback_pack_basic: "design_partner_feedback",
+  design_partner_no_public_launch_check_basic: "design_partner_feedback",
+  readiness_delta_basic: "readiness_delta",
+  readiness_delta_score_movement_basic: "readiness_delta",
+  // PR #161 — Public Activation Distribution Truth v1
+  public_distribution_truth_basic: "public_distribution",
+  package_content_audit_basic: "public_distribution",
+  local_package_smoke_basic: "public_distribution",
+  public_install_claim_check_basic: "public_distribution",
+  publish_provenance_readiness_basic: "public_distribution",
+  public_activation_distribution_gate_basic: "public_distribution",
+  package_bin_truth_basic: "public_distribution",
+  pack_content_safety_basic: "public_distribution",
+  e2e_public_distribution_dogfood_basic: "proof_evidence",
+  // PR #162 — Plugin / Adapter Technical Readiness v1
+  host_capability_matrix_basic: "adapter_technical_readiness",
+  cross_host_install_readiness_basic: "adapter_technical_readiness",
+  cross_host_value_flow_basic: "adapter_technical_readiness",
+  adapter_safety_boundaries_basic: "adapter_technical_readiness",
+  host_support_context_basic: "adapter_technical_readiness",
+  browser_proof_preflight_basic: "adapter_technical_readiness",
+  adapter_readiness_technical_gate_basic: "adapter_technical_readiness",
+  e2e_adapter_technical_readiness_dogfood_basic: "proof_evidence",
+  // PR #163 — Cross-Host Install Plan + Browser-Proof Preflight v1
+  cross_host_install_plan_basic: "cross_host_adapter_readiness",
+  cross_host_adapter_readiness_surface_basic: "cross_host_adapter_readiness",
+  no_works_everywhere_claim_basic: "cross_host_adapter_readiness",
+  hooks_approval_cross_host_basic: "cross_host_adapter_readiness",
+  mcp_governance_cross_host_basic: "cross_host_adapter_readiness",
+  browser_automation_not_required_basic: "cross_host_adapter_readiness",
+  cross_host_host_support_context_basic: "cross_host_adapter_readiness",
+  e2e_cross_host_adapter_dogfood_basic: "proof_evidence",
+});
+
+const EVIDENCE_HINTS = Object.freeze({
+  activation_readiness: ".claude/cco/state/",
+  prompt_workflow_help: ".claude/cco/state/",
+  context_token_cost_optimization: ".claude/cco/state/",
+  frontend_visual_qa: ".claude/cco/reports/",
+  agent_security: ".claude/cco/security/",
+  agent_access_governance: ".claude/cco/security/",
+  install_intake_risk: ".claude/cco/security/install-intake/",
+  workspace_map: ".claude/cco/state/workspace-map.json",
+  skills_skill_packs: "skills/avorelo/",
+  proof_evidence: ".claude/cco/receipts/",
+  ai_workspace_hygiene: ".claude/cco/orchestration/ai-workspace-hygiene/",
+  work_ledger: ".claude/cco/orchestration/work-ledger/",
+  company_loop: ".claude/cco/orchestration/company-loop/",
+  execution_packet: ".claude/cco/orchestration/execution-packet/",
+  lifecycle_hooks: ".claude/cco/orchestration/hook-baseline/",
+  token_efficiency_hardening: ".claude/cco/orchestration/token-efficiency/",
+  mcp_tool_governance: ".claude/cco/orchestration/mcp-tool-governance/",
+  ai_install_onboarding: ".claude/cco/orchestration/ai-install/",
+  prelaunch_activation_readiness: ".claude/cco/orchestration/prelaunch-readiness/",
+  prelaunch_intelligence: ".claude/cco/orchestration/prelaunch-intelligence/",
+  full_readiness_gate: ".claude/cco/orchestration/full-readiness/",
+  activation_distribution_readiness: ".claude/cco/orchestration/activation-distribution/",
+  design_partner_feedback: ".claude/cco/feedback/design-partner/",
+  readiness_delta: ".claude/cco/orchestration/readiness-delta/",
+  public_distribution: ".claude/cco/orchestration/public-distribution/",
+});
+
+const STATUS_VISIBLE_IDS = new Set([
+  "local_activation",
+  "ai_coding_readiness",
+  "context_cost_basic",
+  "session_handoff_basic",
+  "workspace_map_basic",
+  "reference_source_intake_basic",
+  "skill_md_parser_basic",
+  "skill_pattern_extraction_basic",
+  "skill_trust_scan_basic",
+  "capability_binding_basic",
+  "source_backed_skill_router_basic",
+  "thin_adapter_guidance_sync_basic",
+  "visual_qa_weekly",
+  "browser_capability_basic",
+  "skills_security_basic",
+  "instruction_risk_basic",
+  "prompt_injection_basic",
+  "source_trust_basic",
+  "tool_risk_basic",
+  "mcp_tool_risk_basic",
+  "sensitive_file_guard",
+  "secret_exposure_guard",
+  "destructive_command_guard",
+  "scoped_action_guard_basic",
+  "approval_required_decisions",
+  "safe_path_recommendation_basic",
+  "least_privilege_scope_reduction_basic",
+  "jit_temporary_scope_fields_basic",
+  "approval_boundary_safe_path_basic",
+  "safe_path_receipt_basic",
+  "skills_security_dogfood_basic",
+  "skill_route_context_safety_basic",
+  "install_intake_risk_basic",
+  "mcp_intake_visibility_basic",
+  "package_intake_visibility_basic",
+  "extension_intake_visibility_basic",
+  "connector_intake_visibility_basic",
+  "skill_source_intake_risk_basic",
+  "intake_safe_next_action_basic",
+  "intake_receipt_basic",
+  "enforcement_evidence",
+  "evidence_latest",
+  "ai_workspace_hygiene_basic",
+  "mcp_workspace_visibility_basic",
+  "instruction_surface_hygiene_basic",
+]);
+
+const DASHBOARD_VISIBLE_IDS = new Set(STATUS_VISIBLE_IDS);
+
+const PRODUCT_STATUS_OVERRIDES = Object.freeze({
+  workspace_map_basic: "foundation",
+  reentry_memory_full: "partial",
+  visual_qa_advanced: "partial",
+  browser_governance_advanced: "partial",
+  browser_domain_boundary_readiness: "partial",
+  skills_security_advanced: "partial",
+  instruction_risk_advanced: "partial",
+  prompt_injection_advanced: "partial",
+  source_trust_advanced: "partial",
+  intent_mismatch_advanced: "partial",
+  tool_risk_advanced: "partial",
+  mcp_tool_risk_advanced: "partial",
+  scoped_action_guard_advanced: "partial",
+  scoped_jit_style_access: "partial",
+  least_privilege_profile: "partial",
+  zero_standing_permissions_posture: "partial",
+  approval_required_decisions: "partial",
+  safe_path_recommendation_basic: "foundation",
+  least_privilege_scope_reduction_basic: "foundation",
+  jit_temporary_scope_fields_basic: "partial",
+  approval_boundary_safe_path_basic: "foundation",
+  safe_path_receipt_basic: "foundation",
+  skills_security_dogfood_basic: "foundation",
+  skill_route_context_safety_basic: "foundation",
+  install_intake_risk_basic: "foundation",
+  mcp_intake_visibility_basic: "foundation",
+  package_intake_visibility_basic: "foundation",
+  extension_intake_visibility_basic: "foundation",
+  connector_intake_visibility_basic: "foundation",
+  skill_source_intake_risk_basic: "foundation",
+  intake_safe_next_action_basic: "foundation",
+  intake_receipt_basic: "foundation",
+  // AI Workspace Hygiene + Capability Registry v1
+  ai_workspace_hygiene_basic: "foundation",
+  ai_workspace_asset_inventory_basic: "foundation",
+  capability_registry_metadata_basic: "foundation",
+  workspace_skill_hygiene_basic: "foundation",
+  instruction_surface_hygiene_basic: "foundation",
+  mcp_workspace_visibility_basic: "foundation",
+  hook_surface_visibility_basic: "foundation",
+  package_script_hygiene_basic: "foundation",
+  orchestration_ready_capability_metadata_basic: "foundation",
+  // Execution Packet + Project Profile + Work Panel Preview v1
+  project_profile_detection_basic: "foundation",
+  execution_packet_basic: "foundation",
+  execution_packet_scope_boundaries_basic: "foundation",
+  agent_prompt_compiler_basic: "foundation",
+  work_panel_preview_basic: "foundation",
+  proof_requirements_packet_basic: "foundation",
+  diff_before_write_policy_basic: "foundation",
+  // Hook Baseline + Lifecycle Automation Preview v1
+  hook_baseline_registry_basic: "foundation",
+  adapter_readiness_basic: "foundation",
+  hook_config_preview_basic: "foundation",
+  lifecycle_hook_handler_basic: "foundation",
+  smart_route_hook_binding_basic: "foundation",
+  execution_packet_hook_binding_basic: "foundation",
+  safe_run_hook_binding_basic: "foundation",
+  pre_tool_use_guard_mapping_basic: "foundation",
+  post_tool_use_ledger_mapping_basic: "foundation",
+  stop_proof_gate_mapping_basic: "foundation",
+  session_end_summary_handoff_mapping_basic: "foundation",
+});
+
+const BASE_FAMILY_METADATA = Object.freeze([
+  {
+    id: "activation_readiness",
+    name: "Activation / Readiness",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["scripts/lib/activation/*", "scripts/wuz-activate.js", "scripts/wuz-doctor.js"],
+    statusSurface: "status/dashboard/doctor",
+    evidence: ".claude/cco/state/activation.json, .claude/cco/state/readiness.json",
+    tests: "wuz-activation, wuz-doctor, activation summary",
+    notes: "Core first-value loop is already real and should not be rebuilt.",
+  },
+  {
+    id: "status_dashboard",
+    name: "Status / Dashboard",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["status CLI surface", "dashboard CLI surface", "scripts/lib/dashboard.js"],
+    statusSurface: "status/dashboard",
+    evidence: "proof and current-state summaries",
+    tests: "status/dashboard tests",
+    notes: "User-facing truth surface; keep bounded and honest.",
+  },
+  {
+    id: "prompt_workflow_help",
+    name: "Prompt / Workflow Help",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["scripts/lib/prompt-compiler.js", "scripts/lib/workflow-discipline.js"],
+    statusSurface: "prompt, status, dashboard",
+    evidence: ".claude/cco/state/context-budget.json and prompt outputs",
+    tests: "prompt compiler and workflow discipline tests",
+    notes: "Prompt compiler is real product behavior, not docs-only guidance.",
+  },
+  {
+    id: "context_token_cost_optimization",
+    name: "Context / Token / Cost Optimization",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["scripts/lib/context-*", "scripts/lib/value-ledger.js", "scripts/lib/dashboard.js"],
+    statusSurface: "status/dashboard",
+    evidence: ".claude/cco/state/, value ledger, proof metrics",
+    tests: "context budget, context safety, value ledger, reentry tests",
+    notes: "One of the strongest existing product loops.",
+  },
+  {
+    id: "model_worker_routing",
+    name: "Model / Worker Routing",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["scripts/lib/orchestration/*"],
+    statusSurface: "route/run/models/orchestration/proof",
+    evidence: ".claude/cco/orchestration/current-proof.json",
+    tests: "orchestration CLI/core/model discovery",
+    notes: "Already merged through recent orchestration and model-discovery PRs.",
+  },
+  {
+    id: "execution_work_control",
+    name: "Execution / Work Control",
+    strength: "partial",
+    productStatus: "partial",
+    mainFiles: ["scripts/lib/orchestration/*", "scripts/lib/dashboard.js"],
+    statusSurface: "run/proof/status",
+    evidence: ".claude/cco/orchestration/, receipts",
+    tests: "orchestration and proof tests",
+    notes: "Fragments exist, but a unified work-item/routine/receipt model is still later work.",
+  },
+  {
+    id: "agent_security",
+    name: "Agent Security",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["scripts/lib/agent-enforcement.js", "scripts/lib/agent-security/*"],
+    statusSurface: "guard/status/dashboard/proof",
+    evidence: ".claude/cco/security/",
+    tests: "agent-security, guard, trust-audit, browser-capability",
+    notes: "Keep as the current trust boundary; do not split out a new governance engine in this PR.",
+  },
+  {
+    id: "agent_access_governance",
+    name: "Agent Access Governance",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/lib/agent-access-governance.js", "scripts/lib/agent-enforcement.js", "scripts/lib/agent-security/*"],
+    statusSurface: "guard/status/dashboard/proof",
+    evidence: ".claude/cco/security/agent-access-governance/, local governance receipts",
+    tests: "agent-access-governance, guard, status/dashboard, product-learning",
+    notes: "Foundation slice only: deterministic subject/scope/approval-boundary/receipt modeling. Safe Path and intake breadth remain later work.",
+  },
+  {
+    id: "install_intake_risk",
+    name: "Install / Intake Risk",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/lib/install-intake-risk.js", "scripts/cco-skill-intake.js", "scripts/lib/agent-security/*"],
+    statusSurface: "intake/status/dashboard/proof",
+    evidence: ".claude/cco/security/install-intake/, .claude/cco/security/skill-intake-*.json",
+    tests: "install-intake-risk, guard, status/dashboard, validator tests",
+    notes: "Foundation slice only: deterministic local intake visibility for packages, MCP, extensions, guidance, skills, and connectors. No registry lookups, malware claims, or universal install enforcement.",
+  },
+  {
+    id: "safe_path_engine",
+    name: "Safe Path Engine",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/lib/safe-path-engine.js", "scripts/lib/agent-enforcement.js", "scripts/lib/orchestration/*"],
+    statusSurface: "guard/status/dashboard/proof",
+    evidence: ".claude/cco/security/safe-path/, enforcement decisions, proof receipts",
+    tests: "safe-path, guard, orchestration, status/dashboard tests",
+    notes: "Foundation slice only: deterministic local reduced-scope recommendations, approval boundaries, and JIT-style fields where supported. No universal enforcement or automatic remediation claims.",
+  },
+  {
+    id: "workspace_map",
+    name: "Workspace Map",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/lib/workspace-map.js", "scripts/lib/public-cli.js"],
+    statusSurface: "workspace-map command, status/dashboard summary",
+    evidence: ".claude/cco/state/workspace-map.json",
+    tests: "workspace-map tests",
+    notes: "Useful foundation. Keep exposure honest as compact navigation support, not product identity.",
+  },
+  {
+    id: "skills_skill_packs",
+    name: "Skills / Skill Packs",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/avorelo-skills.js", "scripts/lib/avorelo-skill-registry.js", "skills/avorelo/*", "vendor/skillpacks/*"],
+    statusSurface: "skills CLI, status/dashboard/proof summary",
+    evidence: ".avorelo/skills/registry.json, .claude/cco/skills/latest-route.json",
+    tests: "avorelo-skills tests",
+    notes: "Keep source-backed and local-first. This is not a marketplace and should never dump full skill bodies into context or adapters.",
+  },
+  {
+    id: "source_intake",
+    name: "Source Intake",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/lib/source-catalog.js", "docs/references/*", "vendor/skillpacks/*/SOURCE.json"],
+    statusSurface: "skills CLI, status/dashboard/proof summary",
+    evidence: "docs/references/references.json, .claude/cco/skills/latest-source-adoption.json",
+    tests: "source-catalog tests",
+    notes: "Owns source/reference metadata and reviewed/deferred/blocked adoption truth, not runtime execution.",
+  },
+  {
+    id: "thin_adapters",
+    name: "Thin Adapters",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/avorelo-sync-adapters.js"],
+    statusSurface: "generator plus status/proof summary",
+    evidence: ".avorelo/generated/ (generated locally), .claude/cco/skills/latest-adapter-sync.json",
+    tests: "operating-layer validation and adapter guidance tests",
+    notes: "Thin, public-safe adapter guidance only. Core logic must stay in shared modules.",
+  },
+  {
+    id: "product_learning",
+    name: "Product Learning / AI-Native Loop",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/lib/product-learning-events.js"],
+    statusSurface: "status/dashboard summary only",
+    evidence: ".claude/cco/events/product-learning.jsonl",
+    tests: "product-learning-events tests",
+    notes: "Local, redacted event logging exists; the full product loop is still later.",
+  },
+  {
+    id: "proof_evidence",
+    name: "Proof / Evidence",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["scripts/lib/orchestration/proof-writer.js", "scripts/lib/dashboard.js"],
+    statusSurface: "proof/status/dashboard",
+    evidence: ".claude/cco/receipts/, orchestration proof",
+    tests: "proof tests",
+    notes: "Real today, but unified receipts across all families are later work.",
+  },
+  {
+    id: "pricing_entitlements",
+    name: "Pricing / Entitlements",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["scripts/lib/plans.js", "scripts/lib/entitlements.js", "docs/Pricing-Capability-Mapping.md"],
+    statusSurface: "status/dashboard/website/docs",
+    evidence: "plan surface and pricing mapping doc",
+    tests: "avorelo-plans and plan-surface tests",
+    notes: "Free/Pro is real. Teams remains deferred and non-selectable.",
+  },
+  {
+    id: "website_onboarding",
+    name: "Website / Onboarding",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["apps/public-web/src/index.html", "docs/INSTALL.md", "docs/avorelo-local-usage.md"],
+    statusSurface: "public website/docs",
+    evidence: "public-web source-of-record and activation docs",
+    tests: "public web and website readiness tests",
+    notes: "Must follow product truth and avoid category drift.",
+  },
+  {
+    id: "frontend_visual_qa",
+    name: "Frontend / Visual QA",
+    strength: "strong",
+    productStatus: "shipped",
+    mainFiles: ["scripts/lib/visual-qa.js", "scripts/lib/browser-capability.js"],
+    statusSurface: "visual-qa/status/dashboard",
+    evidence: ".claude/cco/reports/visual-qa-latest.json",
+    tests: "visual-qa and browser-capability tests",
+    notes: "Supporting capability family only; not the product center.",
+  },
+  {
+    id: "ai_workspace_hygiene",
+    name: "AI Workspace Hygiene",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/lib/ai-workspace-hygiene.js"],
+    statusSurface: "workspace-hygiene command, status/dashboard/proof compact summary",
+    evidence: ".claude/cco/orchestration/ai-workspace-hygiene/latest-report.json",
+    tests: "ai-workspace-hygiene tests",
+    notes: "Foundation slice: deterministic local scan of AI workspace assets, hygiene findings, and orchestration-ready capability metadata. Does not clone OpenHands, install hooks, patch MCP configs, or auto-modify user files in v1. Prepares data for future orchestration, Hook Baseline Pack, MCP cleanup, and plugin readiness.",
+  },
+  {
+    id: "execution_packet",
+    name: "Execution Packet / Project Profile",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/lib/execution-packet.js", "scripts/lib/project-profile.js", "scripts/lib/work-panel-preview.js"],
+    statusSurface: "project-profile, execution-packet, work-panel commands, status/dashboard/proof compact summary",
+    evidence: ".claude/cco/orchestration/execution-packet/latest-packet.json, .claude/cco/orchestration/project-profile/latest-profile.json",
+    tests: "execution-packet, project-profile, work-panel-preview tests",
+    notes: "Foundation slice: deterministic project profile detection, scoped execution packet compiler, agent prompt compiler, and local work panel preview. No CSS editor, no browser injection, no Visual QA Bridge full implementation, no deploy automation. Blocked scope always overrides allowed scope. Proof-first workflow.",
+  },
+  {
+    id: "lifecycle_hooks",
+    name: "Lifecycle Hook Baseline + Automation Preview",
+    strength: "partial",
+    productStatus: "foundation",
+    mainFiles: ["scripts/lib/hook-baseline.js", "scripts/lib/lifecycle-hooks.js", "scripts/lib/adapter-readiness.js", "scripts/lib/hook-config-preview.js"],
+    statusSurface: "hooks, adapter-readiness, lifecycle-hook commands, status/dashboard/proof compact summary",
+    evidence: ".claude/cco/orchestration/hook-baseline/latest-baseline.json, .claude/cco/orchestration/adapter-readiness/latest-readiness.json, .claude/cco/orchestration/hook-baseline/latest-preview.json",
+    tests: "hook-baseline, lifecycle-hooks, adapter-readiness, hook-config-preview tests",
+    notes: "Preview/readiness slice only. Lifecycle handlers exist but are NOT auto-installed. No user config is modified. No global hook install. No full Claude plugin. No full OpenHands adapter. No ACP/A2A implementation. Hook apply requires explicit user approval in a future PR. Intended to make Avorelo seamless, not noisier.",
+  },
+  {
+    id: "launch_hardening",
+    name: "Launch Hardening",
+    label: "Launch Hardening",
+    description: "Gate checks and hardening for alpha launch readiness.",
+    productStatus: "foundation",
+    strength: "partial",
+    mainFiles: ["scripts/lib/launch-hardening-gate.js"],
+    statusSurface: "launch-hardening command, status/dashboard compact summary",
+    evidence: ".claude/cco/orchestration/launch-hardening/latest-gate.json",
+    tests: "launch-hardening gate checks",
+    notes: "Foundation slice: deterministic gate checks for alpha launch readiness. Checks activation, hooks, token gate, support bundle, proof, artifact health, and CI mode. Does not make launch-ready claims.",
+  },
+  {
+    id: "failure_recovery_hardening",
+    name: "Failure Recovery",
+    label: "Failure Recovery",
+    description: "Taxonomy, classification, and safe recovery actions for all failure modes.",
+    productStatus: "foundation",
+    strength: "partial",
+    mainFiles: ["scripts/lib/failure-recovery.js"],
+    statusSurface: "failure recovery receipt, doctor command",
+    evidence: ".claude/cco/orchestration/failure-recovery/latest-recovery.json",
+    tests: "failure recovery taxonomy checks",
+    notes: "Foundation slice: classifies every failure mode with a safe next action, severity, and recoverability flag. No raw logs, prompts, code, or secrets in receipts.",
+  },
+  {
+    id: "artifact_health_monitoring",
+    name: "Artifact Health",
+    label: "Artifact Health",
+    description: "Scan, classify, and clean local orchestration artifacts safely.",
+    productStatus: "foundation",
+    strength: "partial",
+    mainFiles: ["scripts/lib/artifact-health.js"],
+    statusSurface: "artifacts command, status/dashboard compact summary",
+    evidence: ".claude/cco/orchestration/artifact-health/latest-health.json",
+    tests: "artifact health scan checks",
+    notes: "Foundation slice: scans .claude/cco artifacts for invalid JSON, stale receipts, oversized files. Plans and applies safe cleanup. Never deletes latest-*.json or outside .claude/cco.",
+  },
+  // PR #145 — MCP Least-Privilege Tool Governance v1
+  {
+    id: "mcp_tool_governance",
+    name: "MCP Tool Governance",
+    label: "MCP Tool Governance",
+    description: "Local static MCP tool inventory, risk classification, least-privilege policy, and PreToolUse enforcement.",
+    productStatus: "foundation",
+    strength: "partial",
+    mainFiles: [
+      "scripts/lib/mcp-tool-inventory.js",
+      "scripts/lib/mcp-tool-risk.js",
+      "scripts/lib/mcp-least-privilege-policy.js",
+      "scripts/lib/mcp-enforcement.js",
+    ],
+    statusSurface: "mcp CLI (inventory, risk, policy, preview, doctor), PreToolUse hook, ledger, support-bundle",
+    evidence: ".claude/cco/orchestration/mcp-tool-governance/",
+    tests: "mcp-tool-inventory, mcp-tool-risk, mcp-least-privilege-policy, mcp-enforcement tests",
+    notes: "Foundation slice: static local governance only. No MCP server execution. No full MCP client/server. No external scanner. Preview only — config not modified. Unknown tools not auto-allowed. Every block has safeNextAction.",
+  },
+  // PR #146 — One-Prompt AI Install + Pre-Launch Activation Readiness v1
+  {
+    id: "ai_install_onboarding",
+    name: "AI Install Onboarding",
+    label: "AI Install Onboarding",
+    description: "One-prompt AI install experience. User copies a single prompt into Claude Code, Codex, Cursor, or VS Code. AI guides activation, readiness, hooks, MCP governance, and first-value summary.",
+    productStatus: "foundation",
+    strength: "partial",
+    mainFiles: [
+      "scripts/lib/ai-install-prompt.js",
+    ],
+    statusSurface: "install-ai CLI (--prompt, --json, --dry-run), ai-install-prompt receipt",
+    evidence: ".claude/cco/orchestration/ai-install/latest-prompt.json",
+    tests: "ai-install-prompt tests",
+    notes: "Inspired by PostHog install-with-AI pattern. Hook apply still requires explicit --yes approval. MCP config not auto-modified. Global config not modified. No public website or pricing here.",
+  },
+  {
+    id: "prelaunch_activation_readiness",
+    name: "Pre-Launch Activation Readiness",
+    label: "Pre-Launch Activation Readiness",
+    description: "Gate that checks all required surfaces for the one-prompt AI install flow: activation, safe-run, hooks, MCP governance, token/context, launch hardening, support bundle, failure recovery.",
+    productStatus: "foundation",
+    strength: "partial",
+    mainFiles: [
+      "scripts/lib/prelaunch-activation-readiness.js",
+    ],
+    statusSurface: "prelaunch-readiness CLI, first-value-check CLI, prelaunch readiness receipt",
+    evidence: ".claude/cco/orchestration/prelaunch-readiness/latest-activation-readiness.json",
+    tests: "prelaunch-activation-readiness tests",
+    notes: "Not a public launch claim. Pre-launch activation readiness only.",
+  },
+  // PR #147 — Pre-Launch Intelligence Layer v1
+  {
+    id: "prelaunch_intelligence",
+    name: "Pre-Launch Intelligence Layer",
+    label: "Pre-Launch Intelligence",
+    description: "Local-first intelligence layer that aggregates install, activation, feedback, token/cost, MCP, hardening, support signals into actionable pre-launch insight. Not a release candidate gate.",
+    productStatus: "foundation",
+    strength: "partial",
+    mainFiles: [
+      "scripts/lib/prelaunch-intelligence.js",
+      "scripts/lib/feedback-intelligence.js",
+      "scripts/lib/token-cost-intelligence.js",
+      "scripts/lib/prelaunch-evidence-store.js",
+      "scripts/lib/proof-outcome-evidence.js",
+      "scripts/lib/install-journey-intelligence.js",
+    ],
+    statusSurface: "prelaunch-intelligence CLI, feedback insights CLI, token-cost CLI, token-cost capture/summary/validate/import CLI, proof outcome/readiness CLI, install-journey CLI",
+    evidence: ".claude/cco/orchestration/prelaunch-intelligence/, .claude/cco/evidence/feedback/, .claude/cco/evidence/token-cost/, .claude/cco/orchestration/seamless-outcome/latest-proof-outcome-evidence.json",
+    tests: "prelaunch-intelligence, prelaunch-evidence-store, token-cost-intelligence, token-cost-capture, proof-outcome-evidence tests",
+    notes: "Local-only. Not a public launch claim. Not a release candidate gate. Measured/estimated/heuristic/missing stay separate. Feedback clustered, not raw-exposed. Token-cost capture, feedback evidence import, proof outcome evidence, and readiness evidence closure remain redacted and local-first.",
+  },
+]);
+const FAMILY_METADATA_MAP = new Map(BASE_FAMILY_METADATA.map((family) => [family.id, family]));
+
+function familyFromBucket(capability) {
+  if (FAMILY_OVERRIDES[capability.id]) return FAMILY_OVERRIDES[capability.id];
+  if (capability.bucket === "better_ai_coding_tasks") return "prompt_workflow_help";
+  if (capability.bucket === "automatic_context_cost_optimization") return "context_token_cost_optimization";
+  if (capability.bucket === "visual_qa_with_screenshots") return "frontend_visual_qa";
+  if (capability.bucket === "seamless_agent_security") return "agent_security";
+  if (capability.bucket === "evidence_and_history") return "proof_evidence";
+  return "execution_work_control";
+}
+
+function productStatusForCapability(capability) {
+  if (PRODUCT_STATUS_OVERRIDES[capability.id]) return PRODUCT_STATUS_OVERRIDES[capability.id];
+  if (capability.implementationStatus === "partial") return "partial";
+  if (capability.surfaceType === "docs_only") return "docs_only";
+  return "shipped";
+}
+
+function buildCapabilityEntry(capability) {
+  const familyId = familyFromBucket(capability);
+  const familyMetadata = FAMILY_METADATA_MAP.get(familyId);
+  return Object.freeze({
+    id: capability.id,
+    name: capability.label,
+    familyId,
+    familyName: familyMetadata?.name || familyId,
+    bucket: capability.bucket,
+    shortDescription: capability.description,
+    customerFacingDescription: capability.customerFacingDescription || capability.description,
+    planAvailability: capability.availability || { free: false, pro: false },
+    implementationStatus: capability.implementationStatus || "supported",
+    productStatus: productStatusForCapability(capability),
+    surfaceType: capability.surfaceType || "detection",
+    safeForPublicCopy: capability.safeForPublicCopy !== false,
+    sourceOfTruth: "scripts/lib/plans.js",
+    statusVisibility: STATUS_VISIBLE_IDS.has(capability.id),
+    dashboardVisibility: DASHBOARD_VISIBLE_IDS.has(capability.id),
+    evidencePathHint: EVIDENCE_HINTS[familyId] || null,
+    notes: familyMetadata?.notes || "",
+  });
+}
+
+const CAPABILITY_REGISTRY = Object.freeze(CAPABILITIES.map(buildCapabilityEntry));
+const REGISTRY_MAP = new Map(CAPABILITY_REGISTRY.map((entry) => [entry.id, entry]));
+
+function buildFamilyInventory() {
+  const capabilitiesByFamily = new Map(BASE_FAMILY_METADATA.map((family) => [family.id, []]));
+  CAPABILITY_REGISTRY.forEach((entry) => {
+    if (!capabilitiesByFamily.has(entry.familyId)) {
+      capabilitiesByFamily.set(entry.familyId, []);
+    }
+    capabilitiesByFamily.get(entry.familyId).push(entry.id);
+  });
+
+  return Object.freeze(
+    BASE_FAMILY_METADATA.map((family) => Object.freeze({
+      ...family,
+      capabilityIds: Object.freeze((capabilitiesByFamily.get(family.id) || []).slice().sort()),
+    }))
+  );
+}
+
+const CAPABILITY_FAMILIES = buildFamilyInventory();
+const FAMILY_MAP = new Map(CAPABILITY_FAMILIES.map((family) => [family.id, family]));
+
+const REQUIRED_CAPABILITY_FIELDS = [
+  "id",
+  "name",
+  "familyId",
+  "shortDescription",
+  "planAvailability",
+  "implementationStatus",
+  "productStatus",
+  "surfaceType",
+  "sourceOfTruth",
+  "statusVisibility",
+  "dashboardVisibility",
+];
+
+const REQUIRED_FAMILY_FIELDS = [
+  "id",
+  "name",
+  "strength",
+  "productStatus",
+  "mainFiles",
+  "capabilityIds",
+  "statusSurface",
+  "evidence",
+  "tests",
+  "notes",
+];
+
+function validateCapability(entry) {
+  const errors = [];
+  for (const field of REQUIRED_CAPABILITY_FIELDS) {
+    if (entry[field] === undefined || entry[field] === null) {
+      errors.push(`Missing required field: ${field}`);
+    }
+  }
+  if (!VALID_FAMILY_IDS.has(entry.familyId)) {
+    errors.push(`Unknown familyId: ${entry.familyId}`);
+  }
+  if (!VALID_PRODUCT_STATUSES.has(entry.productStatus)) {
+    errors.push(`Invalid productStatus: ${entry.productStatus}`);
+  }
+  if (!VALID_SURFACE_TYPES.has(entry.surfaceType)) {
+    errors.push(`Invalid surfaceType: ${entry.surfaceType}`);
+  }
+  if (entry.productStatus === "docs_only" && (entry.statusVisibility || entry.dashboardVisibility)) {
+    errors.push("docs_only capabilities cannot be shown as shipped in status or dashboard");
+  }
+  return { valid: errors.length === 0, errors };
+}
+
+function validateRegistry() {
+  const errors = [];
+  const seenIds = new Set();
+  const planIds = new Set(CAPABILITIES.map((capability) => capability.id));
+
+  for (const entry of CAPABILITY_REGISTRY) {
+    if (seenIds.has(entry.id)) {
+      errors.push(`Duplicate capability ID: ${entry.id}`);
+    }
+    seenIds.add(entry.id);
+    if (!planIds.has(entry.id)) {
+      errors.push(`Registry capability is not owned by plans.js: ${entry.id}`);
+    }
+    const result = validateCapability(entry);
+    result.errors.forEach((error) => errors.push(`[${entry.id}] ${error}`));
+  }
+
+  for (const capability of CAPABILITIES) {
+    if (!seenIds.has(capability.id)) {
+      errors.push(`plans.js capability missing from registry: ${capability.id}`);
+    }
+  }
+
+  return { valid: errors.length === 0, errors };
+}
+
+function validateFamilyInventory() {
+  const errors = [];
+  const seenIds = new Set();
+  const knownCapabilityIds = new Set(CAPABILITIES.map((capability) => capability.id));
+  const seenCapabilityAssignments = new Map();
+  const expectedByFamily = new Map(CAPABILITY_FAMILIES.map((family) => [family.id, family.capabilityIds.slice().sort()]));
+
+  for (const family of CAPABILITY_FAMILIES) {
+    if (seenIds.has(family.id)) {
+      errors.push(`Duplicate family ID: ${family.id}`);
+    }
+    seenIds.add(family.id);
+    for (const field of REQUIRED_FAMILY_FIELDS) {
+      if (family[field] === undefined || family[field] === null || family[field] === "") {
+        errors.push(`[${family.id}] Missing required field: ${field}`);
+      }
+    }
+    if (!VALID_FAMILY_IDS.has(family.id)) {
+      errors.push(`[${family.id}] Unknown family ID`);
+    }
+    if (!VALID_STRENGTHS.has(family.strength)) {
+      errors.push(`[${family.id}] Invalid strength: ${family.strength}`);
+    }
+    if (!VALID_PRODUCT_STATUSES.has(family.productStatus)) {
+      errors.push(`[${family.id}] Invalid productStatus: ${family.productStatus}`);
+    }
+    if (!Array.isArray(family.capabilityIds)) {
+      errors.push(`[${family.id}] capabilityIds must be an array`);
+    } else {
+      const familyCapabilityIds = family.capabilityIds.slice().sort();
+      family.capabilityIds.forEach((capabilityId) => {
+        if (!knownCapabilityIds.has(capabilityId)) {
+          errors.push(`[${family.id}] Unknown capability ID: ${capabilityId}`);
+        }
+        if (seenCapabilityAssignments.has(capabilityId)) {
+          errors.push(`[${family.id}] Capability appears in more than one family: ${capabilityId} already assigned to ${seenCapabilityAssignments.get(capabilityId)}`);
+        } else {
+          seenCapabilityAssignments.set(capabilityId, family.id);
+        }
+        const registryEntry = getCapability(capabilityId);
+        if (registryEntry && registryEntry.familyId !== family.id) {
+          errors.push(`[${family.id}] Capability ownership drift: ${capabilityId} derives to ${registryEntry.familyId}`);
+        }
+      });
+      const expectedIds = expectedByFamily.get(family.id) || [];
+      if (JSON.stringify(familyCapabilityIds) !== JSON.stringify(expectedIds)) {
+        errors.push(`[${family.id}] Family capabilityIds drift from derived ownership`);
+      }
+    }
+    if (family.productStatus === "docs_only" && /status|dashboard/i.test(family.statusSurface)) {
+      errors.push(`[${family.id}] docs_only family cannot be marked as status/dashboard surfaced`);
+    }
+    if (family.productStatus !== "gap" && !family.tests) {
+      errors.push(`[${family.id}] Missing tests metadata`);
+    }
+    if (family.productStatus !== "gap" && !family.evidence) {
+      errors.push(`[${family.id}] Missing evidence metadata`);
+    }
+  }
+
+  CAPABILITY_REGISTRY.forEach((entry) => {
+    const family = getFamily(entry.familyId);
+    if (!family) {
+      errors.push(`Registry entry ${entry.id} points to missing family ${entry.familyId}`);
+      return;
+    }
+    if (!family.capabilityIds.includes(entry.id)) {
+      errors.push(`Derived family inventory is missing capability ${entry.id} in ${entry.familyId}`);
+    }
+  });
+
+  return { valid: errors.length === 0, errors };
+}
+
+function validateTaxonomy() {
+  const errors = [];
+  const registry = validateRegistry();
+  const families = validateFamilyInventory();
+  errors.push(...registry.errors, ...families.errors);
+  return { valid: errors.length === 0, errors };
+}
+
+function getCapability(id) {
+  return REGISTRY_MAP.get(String(id || "").trim()) || null;
+}
+
+function listCapabilities() {
+  return Array.from(CAPABILITY_REGISTRY);
+}
+
+function listByFamily(familyId) {
+  return CAPABILITY_REGISTRY.filter((entry) => entry.familyId === familyId);
+}
+
+function listFamilies() {
+  return Array.from(CAPABILITY_FAMILIES);
+}
+
+function getFamily(familyId) {
+  return FAMILY_MAP.get(String(familyId || "").trim()) || null;
+}
+
+module.exports = {
+  CAPABILITY_REGISTRY,
+  CAPABILITY_FAMILIES,
+  VALID_FAMILY_IDS,
+  VALID_PRODUCT_STATUSES,
+  VALID_STRENGTHS,
+  VALID_SURFACE_TYPES,
+  validateCapability,
+  validateRegistry,
+  validateFamilyInventory,
+  validateTaxonomy,
+  getCapability,
+  listCapabilities,
+  listByFamily,
+  listFamilies,
+  getFamily,
+};